diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2020-04-17 10:56:06 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2020-04-17 10:56:06 +0200 |
| commit | a49db010e4a5e48017d8583c374210242a680ddd (patch) | |
| tree | 478dc92de33a2ee1ba17ddb330c16d1a5dee2c69 /app/Models | |
| parent | bdc4da6ad07f2f5dfa7cf397cf3a379199c0a2ed (diff) | |
A wrong login must return HTTP 403 (#2903)
* A wrong login must produce HTTP 403
#fix https://github.com/FreshRSS/FreshRSS/issues/2901
https://github.com/FreshRSS/FreshRSS/pull/2794/files#r389319248
* Just for consistency
Diffstat (limited to 'app/Models')
| -rw-r--r-- | app/Models/Auth.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php index f8f97e74e..bd7f05c66 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -213,6 +213,7 @@ class FreshRSS_Auth { class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) { if (!FreshRSS_user_Controller::checkUsername($username) || + !ctype_graph($hash) || !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' . |