diff options
| author | NewEraCracker <neweracracker@gmail.com> | 2016-02-08 16:39:31 +0000 |
|---|---|---|
| committer | NewEraCracker <neweracracker@gmail.com> | 2016-02-08 16:39:31 +0000 |
| commit | b7369ff88e2e75f81cba070e0bb52b3e780a4f6c (patch) | |
| tree | 409d962846c3af6cc8fcfb6643c784f4fb9dd92d /src/etc/inc/auth.inc | |
| parent | 3057984d4c52c7ee7893022f0d84b2094828b5bf (diff) | |
| download | pfsense-b7369ff88e2e75f81cba070e0bb52b3e780a4f6c.zip pfsense-b7369ff88e2e75f81cba070e0bb52b3e780a4f6c.tar.gz | |
This should prevent the possibility of illegal offsets
If you poke pfSense WebGUI you'll find some funny stuff. Username and Password should never be arrays at all.
Diffstat (limited to 'src/etc/inc/auth.inc')
| -rw-r--r-- | src/etc/inc/auth.inc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 4899e4a..a5f0ff4 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -1530,6 +1530,10 @@ function getUserGroups($username, $authcfg, &$attributes = array()) { function authenticate_user($username, $password, $authcfg = NULL, &$attributes = array()) { + if (is_array($username) || is_array($password)) { + return false; + } + if (!$authcfg) { return local_backed($username, $password); } |
