author | Ermal <eri@pfsense.org> | 2011-07-21 21:10:22 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2011-07-21 21:10:38 +0000 |
commit | c7b5a8cf2e14ead5f2d201eab362520a9459aa05 (patch) | |
tree | 55c90272ca0b07e06b706f348862f10171c09929 | |
parent | 58794ce5d5fcdb59a64f72b622dfb8096ec3e9ef (diff) | |
Plug a security risk on CP where a user can log in by submitting a special request
-rwxr-xr-x | usr/local/captiveportal/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 0170a7a..b08a358 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -193,7 +193,7 @@ EOD;
 captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
 portal_reply_page($redirurl, "error", $errormsg);
 }
-} else if ($_POST['accept'] && $clientip) {
+} else if ($_POST['accept'] && $clientip && $config['captiveportal']['auth_method'] == "none") {
 captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
 portal_allow($clientip, $clientmac, "unauthenticated");
 } else {
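Review bot: The new `$config['captiveportal']['auth_method'] == "none"` guard on the `accept` branch carries no comment saying that it is what keeps an accept-only POST from skipping authentication, so a later cleanup of this if/else chain could drop it unnoticed; I would add `/* accept-only login is valid solely when no authentication method is configured */` as the first line of the branch. With the guard in place, an `accept` POST sent to a portal that requires authentication falls through to the final `else`, whose body lies outside the hunk; if that branch does not log, such requests leave no trace, and a `captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"FAILURE");` call there would make them visible to whoever reviews the portal auth log. The guard fails closed when `auth_method` is unset or empty, which is the safe direction, but it is worth confirming that portals configured without authentication always store the literal `"none"`, and using `===` would make that comparison exact.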