mirror of
https://gitlab.com/mojo42/Jirafeau.git
synced 2025-02-17 20:54:36 +01:00
admin.php: fix authentication bypass vulnerability
parent
272ab3a46c
commit
c019221848
@ -53,7 +53,7 @@ if (isset ($_POST['action']) && (strcmp ($_POST['action'], 'logout') == 0))
|
|||||||
/* Check classic admin password authentification. */
|
/* Check classic admin password authentification. */
|
||||||
if (isset ($_POST['admin_password']) && empty($cfg['admin_http_auth_user']))
|
if (isset ($_POST['admin_password']) && empty($cfg['admin_http_auth_user']))
|
||||||
{
|
{
|
||||||
if (strcmp ($cfg['admin_password'], $_POST['admin_password']) == 0)
|
if ($cfg['admin_password'] === $_POST['admin_password'])
|
||||||
$_SESSION['admin_auth'] = true;
|
$_SESSION['admin_auth'] = true;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
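Review bot: The strict comparison on the `admin_password` line is still not constant-time, so response timing can depend on how much of the submitted value matches the configured one. Consider `if (is_string($_POST['admin_password']) && hash_equals($cfg['admin_password'], $_POST['admin_password']))`, assuming the project's minimum PHP version provides `hash_equals()`. The same `strcmp (...) == 0` idiom remains on the `$_POST['action']` logout check visible in the hunk header and should get a strict string comparison as well. The if/else body continues outside the hunk, so it cannot be confirmed from here whether an empty configured password is rejected earlier or whether the session ID is regenerated after `$_SESSION['admin_auth'] = true;`; both are worth checking.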