diff options
author | Ermal <eri@pfsense.org> | 2012-05-30 20:50:30 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-05-30 20:50:30 +0000 |
commit | d427980c76cd11beeb923c939e1924fecf532a08 (patch) | |
tree | 5399030dbe31e9ba3514ee487281021513816b65 /etc | |
parent | a50115856994b73b11ac04e1f8d790d2741238f7 (diff) | |
download | pfsense-d427980c76cd11beeb923c939e1924fecf532a08.zip pfsense-d427980c76cd11beeb923c939e1924fecf532a08.tar.gz |
Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 26f0497..29a698c 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -1276,7 +1276,7 @@ function session_auth() { session_start(); /* Validate incoming login request */ - if (isset($_POST['login'])) { + if (isset($_POST['login']) && !empty($_POST['usernamefld']) && !empty($_POST['passwordfld'])) { $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) || authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) { |