tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled

Browse Source
This commit is contained in:
Daniel Hensby 2016-07-25 12:08:15 +01:00 committed by Damian Mooyman
parent 6817c57f64
commit 1c7d5de51b
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/Member.php
View File

@ -465,7 +465,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
$this->NumVisit++;
if($remember) {
// Only set the cookie if autologin is enabled
if($remember && Security::config()->autologin_enabled) {
// Store the hash and give the client the cookie with the token.
$generator = new RandomGenerator();
$token = $generator->randomToken('sha1');
@ -536,7 +537,8 @@ class Member extends DataObject implements TemplateGlobalProvider {
// Don't bother trying this multiple times
self::$_already_tried_to_auto_log_in = true;
if(strpos(Cookie::get('alc_enc'), ':') === false
if(!Security::config()->autologin_enabled
|| strpos(Cookie::get('alc_enc'), ':') === false
|| Session::get("loggedInAs")
|| !Security::database_is_ready()
) {