adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-18 10:36:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Re-removing the Auth vulnerability re-introduced in [6593]

Browse source 
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6595 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
nate 2008-03-20 19:18:52 +00:00
parent d60191a1f6
commit 819cd1d667
2 changed files with 42 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
cake/libs/controller/components/auth.php
View file

@ -722,10 +722,7 @@ class AuthComponent extends Object {
} elseif (is_array($user) && isset($user[$this->userModel])) {
$user = $user[$this->userModel];
}
$debug = false;
if ($debug = Configure::read('debug')) {
Configure::write('debug', 0);
}
if (is_array($user) && (isset($user[$this->fields['username']]) || isset($user[$this->userModel . '.' . $this->fields['username']]))) {
if (isset($user[$this->fields['username']]) && !empty($user[$this->fields['username']]) && !empty($user[$this->fields['password']])) {
@ -741,8 +738,8 @@ class AuthComponent extends Object {
return false;
}
$find = array(
$this->fields['username'] => $user[$this->userModel . '.' . $this->fields['username']],
$this->fields['password'] => $user[$this->userModel . '.' . $this->fields['password']]
$this->fields['username'] => '= ' . $user[$this->userModel . '.' . $this->fields['username']],
$this->fields['password'] => '= ' . $user[$this->userModel . '.' . $this->fields['password']]
);
} else {
return false;
@ -760,9 +757,7 @@ class AuthComponent extends Object {
return null;
}
}
if ($debug) {
Configure::write('debug', $debug);
}
if (isset($data) && !empty($data)) {
if (!empty($data[$this->userModel][$this->fields['password']])) {
unset($data[$this->userModel][$this->fields['password']]);

38
cake/tests/cases/libs/controller/components/auth.test.php
View file

@ -377,6 +377,44 @@ class AuthTest extends CakeTestCase {
$this->Controller->Session->del('Auth');
}
function testInjection() {
$this->AuthUser =& new AuthUser();
Configure::write('debug', 1);
$this->AuthUser->id = 2;
$this->AuthUser->saveField('password', Security::hash(Configure::read('Security.salt') . 'cake'));
$this->Controller->data['AuthUser']['username'] = 'nate';
$this->Controller->data['AuthUser']['password'] = 'cake';
$this->Controller->params['url']['url'] = 'auth_test/login';
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = 'auth_test/login';
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$this->assertTrue(is_array($this->Controller->Auth->user()));
$this->Controller->Session->del($this->Controller->Auth->sessionKey);
$this->Controller->data['AuthUser']['username'] = 'nate';
$this->Controller->data['AuthUser']['password'] = 'cake1';
$this->Controller->params['url']['url'] = 'auth_test/login';
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->loginAction = 'auth_test/login';
$this->Controller->Auth->userModel = 'AuthUser';
$this->Controller->Auth->startup($this->Controller);
$this->assertTrue(is_null($this->Controller->Auth->user()));
$this->Controller->Session->del($this->Controller->Auth->sessionKey);
$this->Controller->data['AuthUser']['username'] = '> n';
$this->Controller->data['AuthUser']['password'] = 'cake';
$this->Controller->Auth->initialize($this->Controller);
$this->Controller->Auth->startup($this->Controller);
$this->assertTrue(is_null($this->Controller->Auth->user()));
}
function tearDown() {
unset($this->Controller, $this->AuthUser);
}