Securing AuthComponent against re-POSTing password data

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4455 3807eeeb-6ff5-0310-8944-8be069107fe0
nate 2007-02-05 20:19:34 +00:00
parent 80e503a70f
commit 9bba7b70a2


@ -197,25 +197,21 @@ class AuthComponent extends Object {
if ($this->_normalizeURL($this->loginAction) == $this->_normalizeURL($url)) { if ($this->_normalizeURL($this->loginAction) == $this->_normalizeURL($url)) {
// We're already at the login action // We're already at the login action
if (empty($controller->data) || !isset($controller->data[$this->userModel])) { if (empty($controller->data) || !isset($controller->data[$this->userModel])) {
return; return;
} }
$data = array( $data = array(
$this->userModel . '.' . $this->fields['username'] => $controller->data[$this->userModel][$this->fields['username']], $this->userModel . '.' . $this->fields['username'] => '= ' . $controller->data[$this->userModel][$this->fields['username']],
$this->userModel . '.' . $this->fields['password'] => $controller->data[$this->userModel][$this->fields['password']] $this->userModel . '.' . $this->fields['password'] => '= ' . $controller->data[$this->userModel][$this->fields['password']]
); );
if ($this->login($data)) { if ($this->login($data)) {
$controller->redirect($this->redirect(), null, true); $controller->redirect($this->redirect(), null, true);
} else { } else {
$this->Session->setFlash($this->loginError, 'default', array(), 'Auth.login'); $this->Session->setFlash($this->loginError, 'default', array(), 'Auth.login');
unset($controller->data[$this->userModel][$this->fields['password']]);
} }
return; return;
} else { } else {
if (!$this->Session->check($this->sessionKey)) { if (!$this->Session->check($this->sessionKey)) {
if (!$this->RequestHandler->isAjax()) { if (!$this->RequestHandler->isAjax()) {
$this->Session->write('Auth.redirect', $url); $this->Session->write('Auth.redirect', $url);
@ -225,11 +221,6 @@ class AuthComponent extends Object {
$this->render($this->ajaxLogin, 'ajax'); $this->render($this->ajaxLogin, 'ajax');
exit(); exit();
} }
} else {
$this->UserData = $this->Session->read('Contact');
$this->set('UserData', $this->UserData);
} }
} }
@ -242,6 +233,7 @@ class AuthComponent extends Object {
break; break;
case null: case null:
case false: case false:
return;
break; break;
default: default:
trigger_error(__('Auth::startup() - $type is set to an incorrect value. Should be "actions", "objects", or null.'), E_USER_WARNING); trigger_error(__('Auth::startup() - $type is set to an incorrect value. Should be "actions", "objects", or null.'), E_USER_WARNING);
@ -275,6 +267,7 @@ class AuthComponent extends Object {
} }
if (empty($this->userModel)) { if (empty($this->userModel)) {
trigger_error(__('Could not find $userModel. Please set AuthComponent::$userModel in beforeFilter().'), E_USER_WARNING);
return false; return false;
} }
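Review bot: The `'= '` prefix added to both values of the `$data` conditions array in the first hunk is the security-relevant part of this change, yet nothing in the code explains it, so a later tidy-up is likely to remove it. It appears to pin the conditions parser to a plain equality comparison so that a submitted username or password that begins with an operator token is not interpreted as one; I would add a comment above `$data = array(` such as `// Force '=' so a leading operator in submitted credentials is not parsed as a condition operator` — confirm against the conditions parser that this is the intended effect before wording it as fact. The password `unset()` on the failure branch only runs when `login()` returns false, which matches the commit title; the early `return` for empty data submits nothing, so that path needs no change. The enclosing `startup()` method begins and ends outside these hunks.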