author | Ermal <eri@pfsense.org> | 2011-07-21 21:10:22 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2011-07-21 21:10:22 +0000 |
commit | 739e227a98c2d3c722f782a553048ee015f96fe3 (patch) | |
tree | 41b460f917acc47f94a5cd45b725326bded6632a /usr/local/captiveportal | |
parent | adbb495cd692f3aeda39efddb15f02b6df46603f (diff) | |
download | pfsense-739e227a98c2d3c722f782a553048ee015f96fe3.zip pfsense-739e227a98c2d3c722f782a553048ee015f96fe3.tar.gz |
Plug a security risk on CP where a user can login by submitting a special request
Diffstat (limited to 'usr/local/captiveportal')
-rwxr-xr-x | usr/local/captiveportal/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index e910779..1bd9366 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -193,7 +193,7 @@ EOD;
 captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
 portal_reply_page($redirurl, "error", $errormsg);
 }
-} else if ($_POST['accept'] && $clientip) {
+} else if ($_POST['accept'] && $clientip && $config['captiveportal']['auth_method'] == "none") {
 captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
 portal_allow($clientip, $clientmac, "unauthenticated");
 } else { |
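Review bot: An `accept` POST that arrives while an authentication method is configured is now rejected silently, because the new guard on the `else if ($_POST['accept'] && $clientip && ...)` line simply drops it into the final `else`. Recording that case, for example with `captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"FAILURE");`, would leave operators a trace of attempted click-through bypasses. The comparison could also be strict, `$config['captiveportal']['auth_method'] === "none"`. A short comment such as `/* click-through accept is only valid when no authentication is configured */` would stop the condition being relaxed later. The if/else chain starts and ends outside the hunk, so it is not visible here whether the other branches check `auth_method` in the same way.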