From b7369ff88e2e75f81cba070e0bb52b3e780a4f6c Mon Sep 17 00:00:00 2001 From: NewEraCracker Date: Mon, 8 Feb 2016 16:39:31 +0000 Subject: This should prevent the possibility of illegal offsets If you poke pfSense WebGUI you'll find some funny stuff. Username and Password should never be arrays at all. --- src/etc/inc/auth.inc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index 4899e4a..a5f0ff4 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -1530,6 +1530,10 @@ function getUserGroups($username, $authcfg, &$attributes = array()) { function authenticate_user($username, $password, $authcfg = NULL, &$attributes = array()) { + if (is_array($username) || is_array($password)) { + return false; + } + if (!$authcfg) { return local_backed($username, $password); } -- cgit v1.1