Fix security: A password must NEVER be stored as cookie. GETPOST must

analyse POST only.
Laurent Destailleur 2016-06-12 21:41:16 +02:00
parent 1396f11b77
commit cda17da8b1


@ -438,7 +438,7 @@ if (! defined('NOLOGIN'))
}
$usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",2));
$passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : GETPOST('password'));
$passwordtotest = GETPOST('password','',2);
$entitytotest = (GETPOST('entity','int') ? GETPOST('entity','int') : (!empty($conf->entity) ? $conf->entity : 1));
// Validation of login/pass/entity
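Review bot: The `$usertotest` line left as context still prefers `$_COOKIE['login_dolibarr']` over the posted value, and it uses that cookie value raw while the POST path goes through the `alpha` check, so the login name is now the one credential field here that is neither POST-only nor filtered. With the password no longer read from a cookie, the cookie branch looks like a leftover; consider `$usertotest = GETPOST("username","alpha",2);`, or at least run the cookie value through the same validation. The `$entitytotest` line also calls `GETPOST('entity','int')` without the third argument the other two fields pass, so if `2` is what restricts the lookup to POST (as the commit title suggests), the entity can presumably still arrive via the query string; `GETPOST('entity','int',2)` would make the three fields consistent. The enclosing `if (! defined('NOLOGIN'))` block starts and ends outside this hunk, so whether the login cookie is still set elsewhere cannot be confirmed from here.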