Commit 93a6ed3d authored by Miquel Rodríguez Telep / Michael Rodríguez-Torrent's avatar Miquel Rodríguez Telep / Michael Rodríguez-Torrent
Browse files

Ensure instanceid contains a letter

instanceid is generated by uniqid() and then used as the
session_name. Because session_name requires at least one letter
and uniqid() does not guarantee to provide that, in the case that
uniqid() generates a string of only digits, the user will be stuck
in an infinite login loop because every request will generate a
new PHP session.
parent 53fd122b
......@@ -418,7 +418,8 @@ class OC_Util {
public static function getInstanceId() {
$id = OC_Config::getValue('instanceid', null);
if(is_null($id)) {
$id = uniqid();
// We need to guarantee at least one letter in instanceid so it can be used as the session_name
$id = 'oc' . uniqid();
OC_Config::setValue('instanceid', $id);
}
return $id;
......
......@@ -54,4 +54,9 @@ class Test_Util extends PHPUnit_Framework_TestCase {
$this->assertEquals('no-reply@example.com', $email);
OC_Config::deleteKey('mail_domain');
}
function testGetInstanceIdGeneratesValidId() {
OC_Config::deleteKey('instanceid');
$this->assertStringStartsWith('oc', OC_Util::getInstanceId());
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment