From b7369ff88e2e75f81cba070e0bb52b3e780a4f6c Mon Sep 17 00:00:00 2001
From: NewEraCracker <neweracracker@gmail.com>
Date: Mon, 8 Feb 2016 16:39:31 +0000
Subject: This should prevent the possibility of illegal offsets

If you poke pfSense WebGUI you'll find some funny stuff. Username and Password should never be arrays at all.
---
 src/etc/inc/auth.inc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/etc/inc/auth.inc')

diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 4899e4a..a5f0ff4 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -1530,6 +1530,10 @@ function getUserGroups($username, $authcfg, &$attributes = array()) {
 
 function authenticate_user($username, $password, $authcfg = NULL, &$attributes = array()) {
 
+	if (is_array($username) || is_array($password)) {
+		return false;
+	}
+
 	if (!$authcfg) {
 		return local_backed($username, $password);
 	}
-- 
cgit v1.1