averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix bug where users could use wildcards in username to login

Browse Source 
e.g. user Peter could probably login using username Pet%
fixed same problem in the migration script
This commit is contained in:
Daniel
2012-04-15 10:30:22 +02:00
parent 44c34115a4
commit fd16784bcc
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/migrate.php
View File

@@ -457,7 +457,7 @@ class OC_Migrate{
);
// Add hash if user export
if( self::$exporttype == 'user' ){
$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid LIKE ?" );
$query = OC_DB::prepare( "SELECT password FROM *PREFIX*users WHERE uid = ?" );
$result = $query->execute( array( self::$uid ) );
$row = $result->fetchRow();
$hash = $row ? $row['password'] : false;

4
lib/user/database.php
View File

@@ -122,7 +122,7 @@ class OC_User_Database extends OC_User_Backend {
* Check if the password is correct without logging in the user
*/
public function checkPassword( $uid, $password ){
$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid LIKE ?" );
$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid = ?" );
$result = $query->execute( array( $uid));
$row=$result->fetchRow();
@@ -172,7 +172,7 @@ class OC_User_Database extends OC_User_Backend {
* @return boolean
*/
public function userExists($uid){
$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid LIKE ?" );
$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid = ?" );
$result = $query->execute( array( $uid ));
return $result->numRows() > 0;