diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-02-01 19:07:10 +0300 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-01 19:07:10 +0300 |
| commit | 35afb0d22e41c195ba8ac4a7dc942ba4b0b97d42 (patch) | |
| tree | f8b7c7814ddb6beb83d5015a79666b58ed2bdb35 /core | |
| parent | a3067b3b9fe1ef3287440d132681b9ff46031219 (diff) | |
Default to `null` for lostpassword
We oC 8 we use the `StringUtils::equals` method which will also verify the type, since we don't anylonger hash the token twice this is required in case somebody is able to invoke this route with an empty `$token`.
Diffstat (limited to 'core')
| -rw-r--r-- | core/lostpassword/controller/lostcontroller.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/lostpassword/controller/lostcontroller.php b/core/lostpassword/controller/lostcontroller.php index aee4001ed37..5297e9a9a2a 100644 --- a/core/lostpassword/controller/lostcontroller.php +++ b/core/lostpassword/controller/lostcontroller.php @@ -148,7 +148,7 @@ class LostController extends Controller { try { $user = $this->userManager->get($userId); - if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword'), $token)) { + if (!StringUtils::equals($this->config->getUserValue($userId, 'owncloud', 'lostpassword', null), $token)) { throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid')); } |