
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorThomas Steur <tsteur@users.noreply.github.com>2019-01-28 03:24:02 +0300
committerGitHub <noreply@github.com>2019-01-28 03:24:02 +0300
commit0cdfff7d3d33415dc303ba9e4a2adf41cc3fb230 (patch)
treed0e609b5be4e20d0cc6359e7f08a2d21026af6a6 /plugins/Login
parent60adbbc9f65c4bb1f6228e508bd23f2937310788 (diff)
Make sure to compare password with unsanitized password (#14033)
Diffstat (limited to 'plugins/Login')
-rw-r--r--plugins/Login/Controller.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 2d820d5e9f..1f2fa7d68d 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -201,6 +201,9 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
if (!empty($_POST)) {
$nonce = Common::getRequestVar('nonce', null, 'string', $_POST);
$password = Common::getRequestVar('password', null, 'string', $_POST);
+ if ($password) {
+ $password = Common::unsanitizeInputValue($password);
+ }
if (!Nonce::verifyNonce($nonceKey, $nonce)) {
$messageNoAccess = $this->getMessageExceptionNoAccess();
} elseif ($this->passwordVerify->isPasswordCorrect(Piwik::getCurrentUserLogin(), $password)) {
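Review bot: The added block at `if ($password)` carries no comment explaining why the value is unsanitized, and the reason is not obvious at the call site: `Common::getRequestVar` returns an HTML-entity-encoded string, so a password containing characters such as `&`, `<` or `"` would be verified in its encoded form and never match. I would put `// getRequestVar() entity-encodes input; verify against the password exactly as the user typed it` above the block. After this point `$password` holds raw request data, and the method body continues outside the hunk, so any later use other than `isPasswordCorrect()` should be checked to ensure it is not written to a template or log unescaped. A regression test using a password with those characters would pin the behaviour.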