From 360c22fd2821ed440089d7899d4c6680a0676410 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 10 Aug 2012 15:23:04 +0200 Subject: [PATCH] Validate cookie to prevent auth bypasses. --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 3c38ff760f8..89eaec7d21a 100644 --- a/index.php +++ b/index.php @@ -77,7 +77,7 @@ elseif(OC_User::isLoggedIn()) { } // confirm credentials in cookie if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && - OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) { + OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) { OC_User::setUserId($_COOKIE['oc_username']); OC_Util::redirectToDefaultPage(); }