mirror of https://gitlab.com/mojo42/Jirafeau.git synced 2025-02-17 20:54:36 +01:00

admin.php: fix authentication bypass vulnerability

scumjr 2016-03-21 18:54:59 +01:00
parent 272ab3a46c
commit c019221848

@ -53,7 +53,7 @@ if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
/* Check classic admin password authentification. */ /* Check classic admin password authentification. */
if (isset ($_POST['admin_password']) && empty($cfg['admin_http_auth_user'])) if (isset ($_POST['admin_password']) && empty($cfg['admin_http_auth_user']))
{ {
if (strcmp ($cfg['admin_password'], $_POST['admin_password']) == 0) if ($cfg['admin_password'] === $_POST['admin_password'])
$_SESSION['admin_auth'] = true; $_SESSION['admin_auth'] = true;
else else
{ {
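Review bot: The new password check `if ($cfg['admin_password'] === $_POST['admin_password'])` is still not a constant-time comparison, and it compares the configured value directly with the submitted one; the strict operator does remove the type-confusion path, since `strcmp()` returns NULL for a non-string argument and the old `== 0` test accepted that. I would change the line to `if (is_string($_POST['admin_password']) && hash_equals($cfg['admin_password'], $_POST['admin_password']))` (hash_equals needs PHP 5.6 or later) and put a comment above it such as `/* Strict string comparison: strcmp() yields NULL on a non-string argument, and NULL == 0 passed the old check. */` so the reason survives later refactors. The direct comparison suggests the configured password is stored as plaintext or as a value the client submits verbatim, which I cannot confirm from this hunk; if so, storing a `password_hash()` value and checking it with `password_verify()` would be the stronger follow-up. The enclosing `if` block continues past the end of the hunk, so whether an empty configured password is rejected elsewhere is not visible here.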