mirror_php/Jirafeau
1
0
Fork 0
mirror of https://gitlab.com/mojo42/Jirafeau.git synced 2025-01-29 18:47:44 +01:00
Code Issues Projects Releases Wiki Activity

admin.php: fix authentication bypass vulnerability

Browse Source
This commit is contained in:
scumjr 2016-03-21 18:54:59 +01:00
parent 272ab3a46c
commit c019221848
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin.php
View File

@ -53,7 +53,7 @@ if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
/* Check classic admin password authentification. */
if (isset ($_POST['admin_password']) && empty($cfg['admin_http_auth_user']))
{
if (strcmp ($cfg['admin_password'], $_POST['admin_password']) == 0)
if ($cfg['admin_password'] === $_POST['admin_password'])
$_SESSION['admin_auth'] = true;
else
{