From f5fe95a1315200c7e0c08544b2aad5ef69167d7c Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Sat, 29 Sep 2012 15:15:35 +0200
Subject: [PATCH] Removed sectoken

This token is completly useless since an attacker can easily extract it
from the page.
---
 core/lostpassword/index.php                  | 15 ++++-----------
 core/lostpassword/templates/lostpassword.php |  1 -
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php
index 8da86d5a36..9eda0915b0 100644
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@@ -16,7 +16,7 @@ if (isset($_POST['user'])) {
 		$token = sha1($_POST['user'].md5(uniqid(rand(), true)));
 		OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
 		$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
-		if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and ($_POST['sectoken']==$_SESSION['sectoken']) ) {
+		if (!empty($email)) {
 			$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php', array('user' => $_POST['user'], 'token' => $token));
 			$tmpl = new OC_Template('core/lostpassword', 'email');
 			$tmpl->assign('link', $link, false);
@@ -25,18 +25,11 @@ if (isset($_POST['user'])) {
 			$from = 'lostpassword-noreply@' . OCP\Util::getServerHost();
 			OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
 			echo('sent');
-
 		}
-		$sectoken=rand(1000000, 9999999);
-		$_SESSION['sectoken']=$sectoken;
-		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true, 'sectoken' => $sectoken));
+		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true));
 	} else {
-		$sectoken=rand(1000000, 9999999);
-		$_SESSION['sectoken']=$sectoken;
-		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false, 'sectoken' => $sectoken));
+		OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false));
 	}
 } else {
-	$sectoken=rand(1000000, 9999999);
-	$_SESSION['sectoken']=$sectoken;
-	OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false, 'sectoken' => $sectoken));
+	OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false));
 }
diff --git a/core/lostpassword/templates/lostpassword.php b/core/lostpassword/templates/lostpassword.php
index 754eabdad6..4b871963b8 100644
--- a/core/lostpassword/templates/lostpassword.php
+++ b/core/lostpassword/templates/lostpassword.php
@@ -10,7 +10,6 @@
 			<p class="infield">
 				<label for="user" class="infield"><?php echo $l->t( 'Username' ); ?></label>
 				<input type="text" name="user" id="user" value="" autocomplete="off" required autofocus />
-				<input type="hidden" name="sectoken" id="sectoken" value="<?php echo($_['sectoken']); ?>"  />
 			</p>
 			<input type="submit" id="submit" value="<?php echo $l->t('Request reset'); ?>" />
 		<?php endif; ?>
-- 
GitLab