harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SECURITY: DAV authentication issue

Browse Source
This commit is contained in:
redmatrix 2016-03-17 18:40:03 -07:00
parent df61970b39
commit 21c1f89eba
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Zotlabs/Storage/BasicAuth.php
View File

@ -110,7 +110,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
if ($x) {
// @fixme this foreach should not be needed?
foreach ($x as $record) {
if (($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
logger('password verified for ' . $username);
return $this->setAuthenticated($r[0]);