From 578aa4e42546a81e572ecda2061e238d34a4f421 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sat, 29 Sep 2012 15:18:38 +0200
Subject: Removed sectoken This token is completly useless since an attacker can easily extract it from the page.
---
 lib/base.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'lib/base.php')
diff --git a/lib/base.php b/lib/base.php
index 5a2decc6f63..b89859ab2dd 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -528,11 +528,7 @@ class OC{
 }
 protected static function tryFormLogin() {
- if(!isset($_POST["user"])
- || !isset($_POST['password'])
- || !isset($_SESSION['sectoken'])
- || !isset($_POST['sectoken'])
- || ($_SESSION['sectoken']!=$_POST['sectoken']) ) {
+ if(!isset($_POST["user"]) || !isset($_POST['password'])) {
 return false;
 }
-- 
cgit v1.2.3
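Review bot: With the sectoken comparison gone, the guard in `tryFormLogin()` accepts any POST that carries `user` and `password`, and nothing in this hunk ties the request to a form this server rendered. The commit message's argument holds for a party that can read the login page, but a cross-site form post cannot read it, so a session-bound token still separates the two cases; without one, the login form has no visible protection against login CSRF. If a request-token or origin check covers this path elsewhere, it is outside the hunk (the function body continues past it) and deserves a comment at the guard, e.g. `// CSRF for form login is enforced in <caller/check name>; sectoken removed deliberately`. Separately, `isset()` also passes for array values such as `user[]=`, so adding `|| !is_string($_POST['user']) || !is_string($_POST['password'])` to the condition would keep non-string input away from the authentication code.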