Viewing all changes in revision 5.
- Committer: Nick Moffitt
- Date: 2016-07-18 13:35:11 UTC
- Revision ID: nick.moffitt@canonical.com-20160718133511-jyjz03zczflvxwpm
Security fix found and suggested by Alyssa Milburn.
This actually allows the nonce check to force the login process to error out entirely. Without this, the system accepts forged last-step requests that contain valid openid URIs.
This actually allows the nonce check to force the login process to error out entirely. Without this, the system accepts forged last-step requests that contain valid openid URIs.
- files modified:
- login.php
expand all
collapse all
added
removed
