From fd3c97b93b317cc1b0bfdb17f7b660dae865f25e Mon Sep 17 00:00:00 2001
From: Morris Jobke
Date: Wed, 21 Mar 2018 09:41:35 +0100
Subject: [PATCH 1/2] Avoid to leak a user ID that is not a string to reach a user backend
Signed-off-by: Morris Jobke
---
 core/Controller/LoginController.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index ffa5b10fc2..0f02be4bfd 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -142,6 +142,10 @@ class LoginController extends Controller {
 * @return TemplateResponse|RedirectResponse
 */
 public function showLoginForm($user, $redirect_url) {
+ if (!is_string($user)) {
+ throw new \InvalidArgumentException('User needs to be string');
+ }
+
 if ($this->userSession->isLoggedIn()) {
 return new RedirectResponse(OC_Util::getDefaultPageUrl());
 }
From a07f6d46e331c52e902669c1f9987cfa7805b815 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Wed, 11 Apr 2018 00:20:15 +0200
Subject: [PATCH 2/2] Use proper types
Signed-off-by: Roeland Jago Douma
---
 core/Controller/LoginController.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 0f02be4bfd..2235439d95 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -141,10 +141,7 @@ class LoginController extends Controller {
 *
 * @return TemplateResponse|RedirectResponse
 */
- public function showLoginForm($user, $redirect_url) {
- if (!is_string($user)) {
- throw new \InvalidArgumentException('User needs to be string');
- }
+ public function showLoginForm(string $user = null, string $redirect_url = null): Http\Response {

 if ($this->userSession->isLoggedIn()) {
 return new RedirectResponse(OC_Util::getDefaultPageUrl());
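Review bot: In PATCH 1/2 the added guard `if (!is_string($user))` at the top of `showLoginForm` also throws when `$user` is `null`, which is presumably what the dispatcher passes when the login page is requested without a `user` parameter (the dispatcher is not visible here, so this is inferred). If that is the case, the absent value should be let through: `if ($user !== null && !is_string($user)) {`. `$redirect_url` comes from the same request and gets no equivalent check in this hunk. A one-line comment such as `// reject non-string input before it reaches a user backend` would record why the check exists; how the uncaught `\InvalidArgumentException` is turned into an HTTP response is outside the hunk, as is the rest of the function body.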
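Review bot: In PATCH 2/2 the rejection of non-string input now rests entirely on the `string` parameter types of `showLoginForm`, and nothing in the signature or docblock marks them as a security control that must not be loosened in a later refactor. I would add docblock lines such as `@param string|null $user login name to pre-fill; typed so non-string request input fails before reaching a user backend` and the same for `$redirect_url`. The new return type `Http\Response` resolves against the file's `use` statements, which are outside this hunk, so confirm an `Http` alias is imported. The `@return TemplateResponse|RedirectResponse` tag directly above no longer matches the declared type. The function body continues past the end of the hunk.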