author | Thomas Steur <tsteur@users.noreply.github.com> | 2019-01-28 03:24:02 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-28 03:24:02 +0300 |
commit | 0cdfff7d3d33415dc303ba9e4a2adf41cc3fb230 (patch) | |
tree | d0e609b5be4e20d0cc6359e7f08a2d21026af6a6 /plugins/Login | |
parent | 60adbbc9f65c4bb1f6228e508bd23f2937310788 (diff) |
Make sure to compare password with unsanitized password (#14033)
Diffstat (limited to 'plugins/Login')
-rw-r--r-- | plugins/Login/Controller.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 2d820d5e9f..1f2fa7d68d 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -201,6 +201,9 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
 if (!empty($_POST)) {
 $nonce = Common::getRequestVar('nonce', null, 'string', $_POST);
 $password = Common::getRequestVar('password', null, 'string', $_POST);
+ if ($password) {
+ $password = Common::unsanitizeInputValue($password);
+ }
 if (!Nonce::verifyNonce($nonceKey, $nonce)) {
 $messageNoAccess = $this->getMessageExceptionNoAccess();
 } elseif ($this->passwordVerify->isPasswordCorrect(Piwik::getCurrentUserLogin(), $password)) { |
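Review bot: The added `Common::unsanitizeInputValue($password)` call assumes it exactly reverses whatever escaping `Common::getRequestVar()` applied, and nothing in the hunk documents or tests that. If the round trip is lossy for some characters, a correct password would still be rejected at `isPasswordCorrect()`. A comment above the new `if` would record the intent, for example `// getRequestVar() presumably returns the sanitized value; verify against the password exactly as the user typed it`, and a regression test with a password containing `&`, `<` and `"` would pin the behaviour. The guard `if ($password)` also skips the string `'0'`, which is harmless here but reads more clearly as `if (is_string($password) && $password !== '')`. The enclosing method starts and ends outside the hunk.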