diff options
| author | Ermal <eri@pfsense.org> | 2012-05-30 20:51:11 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2012-05-30 20:51:11 +0000 |
| commit | 88165371efbc79fdc0194de26814eacca68d2a5c (patch) | |
| tree | 3ef72da26061971bf05d28673d40a5dab73f7d2c /etc/inc/auth.inc | |
| parent | 1710305617db80cde51a961077c3d18959c238d3 (diff) | |
| download | pfsense-88165371efbc79fdc0194de26814eacca68d2a5c.zip pfsense-88165371efbc79fdc0194de26814eacca68d2a5c.tar.gz | |
Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326
Diffstat (limited to 'etc/inc/auth.inc')
| -rw-r--r-- | etc/inc/auth.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 5b62e6a..1c176ab 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1304,7 +1304,7 @@ function session_auth() { session_start(); /* Validate incoming login request */ - if (isset($_POST['login'])) { + if (isset($_POST['login']) && !empty($_POST['usernamefld']) && !empty($_POST['passwordfld'])) { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) || authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { @@ -1412,4 +1412,4 @@ function session_auth() { Header("X-Frame-Options: SAMEORIGIN"); -?>
\ No newline at end of file +?> |
