Diffstat (limited to 'app/Models/Auth.php')
| -rw-r--r-- | app/Models/Auth.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index f8f97e74e..bd7f05c66 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -213,6 +213,7 @@ class FreshRSS_Auth {
 class FreshRSS_FormAuth {
 public static function checkCredentials($username, $hash, $nonce, $challenge) {
 if (!FreshRSS_user_Controller::checkUsername($username) ||
+ !ctype_graph($hash) ||
 !ctype_graph($challenge) ||
 !ctype_alnum($nonce)) {
 Minz_Log::debug('Invalid credential parameters:' . |
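Review bot: The added `!ctype_graph($hash)` guard in `checkCredentials` tests only the character class of an untyped parameter, so it rejects an empty string but does not pin the type. PHP's ctype_* functions interpret an integer argument in the range -128..255 as a character code (deprecated since PHP 8.1), so a non-string value could still pass this line. I would write it as `!is_string($hash) || !ctype_graph($hash) ||` and add a short comment above it, for example `// An empty or non-printable hash must never reach the comparison below`, because the reason for the check is not stated in the hunk. The function body and the `Minz_Log::debug(...)` concatenation continue outside the hunk; if that message includes `$hash` or `$challenge`, it is worth confirming that credential material is not written to the debug log.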
