author | Daniel <daniel@mars.(none)> | 2012-04-15 10:30:22 +0200 |
---|---|---|
committer | Daniel <daniel@mars.(none)> | 2012-04-15 10:30:22 +0200 |
commit | fd16784bcc4ffbd677d17f423d18ff60dc110f1e (patch) | |
tree | f300193c82c120ea68d8c417ee669b260396e260 /lib | |
parent | 44c34115a45fd3acd4450af415004263315a21f0 (diff) | |
fix bug where users could use wildcards in username to login
e.g. user Peter could probably login using username Pet%
fixed same problem in the migration script
Diffstat (limited to 'lib')
-rw-r--r-- | lib/migrate.php | 2 | ||||
-rw-r--r-- | lib/user/database.php | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/migrate.php b/lib/migrate.php
index 1ce86198994..0218229d981 100644
--- a/lib/migrate.php
+++ b/lib/migrate.php
@@ -457,7 +457,7 @@ class OC_Migrate{
 ); // Add hash if user export
 if( self::$exporttype == 'user' ){
- $query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid LIKE ?" );
+ $query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid = ?" );
 $result = $query->execute( array( self::$uid ) );
 $row = $result->fetchRow();
 $hash = $row ? $row['password'] : false;
diff --git a/lib/user/database.php b/lib/user/database.php
index c1bac1bb0b5..4738a8948cb 100644
--- a/lib/user/database.php
+++ b/lib/user/database.php
@@ -122,7 +122,7 @@ class OC_User_Database extends OC_User_Backend {
 * Check if the password is correct without logging in the user */
 public function checkPassword( $uid, $password ){
- $query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid LIKE ?" );
+ $query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid = ?" );
 $result = $query->execute( array( $uid));
 $row=$result->fetchRow();
@@ -172,7 +172,7 @@ class OC_User_Database extends OC_User_Backend {
 * @return boolean */
 public function userExists($uid){
- $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid LIKE ?" );
+ $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid = ?" );
 $result = $query->execute( array( $uid ));
 return $result->numRows() > 0; |
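Review bot: The `uid = ?` lookup in the user-export branch of lib/migrate.php still leaves the match rules to the database, so depending on the uid column's collation the comparison may remain case-insensitive or ignore trailing spaces (MySQL `_ci` / PAD SPACE collations behave this way), while other backends compare exactly. The same applies to the `checkPassword` and `userExists` hunks in lib/user/database.php. A comment above each query such as `// exact match only: % and _ are literal; case and trailing-space handling follow the uid column collation` would record the intent, and a regression test using a uid containing `%` and `_` would keep the fix from being undone. When no row matches, `$hash` silently becomes `false`; logging that case would make a failed lookup visible in the export. The enclosing function starts and ends outside the hunk.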
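Review bot: In `checkPassword`, the identity used after a successful password check should be the stored `$row['uid']` rather than the caller-supplied `$uid`; the query already selects `uid`, but the rest of the body lies outside the hunk, so this cannot be confirmed from here. If the function or its caller keeps `$uid`, a submitted name that the database treats as equal without being byte-identical would become the session identity. Consider `return $row['uid'];` on the success path, and a docblock line stating that the canonical uid from the table is what gets returned.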
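Review bot: `userExists` still runs `SELECT *`, which fetches the `password` hash column (the same table `checkPassword` reads it from) only to count rows. Selecting just the key column, i.e. `SELECT uid` with the same table reference and `WHERE uid = ?`, keeps the hash out of the result set for a pure existence check. The docblock above, of which only the tail is visible in the hunk, could also state that the match is exact and that wildcard characters in `$uid` are treated literally.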