[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login

This could be used to circumvent login restrictions: the change-password feature would log in users who are unable to log in for reasons other than too many failed password attempts.
Daniel Hensby 2016-07-14 17:03:52 +01:00 committed by Damian Mooyman
parent f85dea2e6d
commit 6d41db77fa


@ -98,16 +98,19 @@ class ChangePasswordForm extends Form {
else if($data['NewPassword1'] == $data['NewPassword2']) {
$isValid = $member->changePassword($data['NewPassword1']);
if($isValid->valid()) {
$member->logIn();
// TODO Add confirmation message to login redirect
Session::clear('AutoLoginHash');
// Clear locked out status
$member->LockedOutUntil = null;
$member->FailedLoginCount = null;
$member->write();
if ($member->canLogIn()->valid()) {
$member->logIn();
}
// TODO Add confirmation message to login redirect
Session::clear('AutoLoginHash');
if (!empty($_REQUEST['BackURL'])
// absolute redirection URLs may cause spoofing
&& Director::is_site_url($_REQUEST['BackURL'])