diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2017-03-11 10:36:48 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2017-03-11 10:36:48 +0100 |
| commit | be0bcfef7e38f27284ec7b377b342ba389515964 (patch) | |
| tree | 59d2d5a8e34fcb279a53a2b44fde1e36c888672d /app/Models/Auth.php | |
| parent | 5f637bd816b7323885bfe1751a1724ee59a822f6 (diff) | |
| parent | b34c318f02574b13560731035fd5a4f750aa1e9b (diff) | |
Merge pull request #1455 from FreshRSS/dev1.6.3
Release 1.6.3
Diffstat (limited to 'app/Models/Auth.php')
| -rw-r--r-- | app/Models/Auth.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php index b3255cfbd..476627e10 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -182,7 +182,7 @@ class FreshRSS_Auth { class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) { - if (!ctype_alnum($username) || + if (!FreshRSS_user_Controller::checkUsername($username) || !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' . @@ -211,7 +211,7 @@ class FreshRSS_FormAuth { // Token has expired (> 1 month) or does not exist. // TODO: 1 month -> use a configuration instead @unlink($token_file); - return array(); + return array(); } $credentials = @file_get_contents($token_file); |