[SinglePointLogin] fix passwordAuthenticate accessing $_POST superglobal (#4356)

This removes the $_POST['username'] in favor of $username variable passed to the function as a parameter.

It fixes `PHP Fatal error: Uncaught TypeError: Argument 1 passed to SinglePointLogin::accountLocked() must be of the type string, null given` occurring because the API consumes 'application/json' content-type and $_POST is populated only:

> [...] when using application/x-www-form-urlencoded or multipart/form-data as the HTTP Content-Type in the request.
> http://php.net/manual/en/reserved.variables.post.php
xlecours authored and driusan committed Feb 25, 2019
1 parent d15e650 commit 8c57175
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion php/libraries/SinglePointLogin.class.inc
Expand Up @@ -320,7 +320,7 @@ class SinglePointLogin
/* Check whether a user's account is locked due to too many bad login
* attempts before actually trying to authenticate their credentials.
*/
if ($this->accountLocked($_POST['username'])) {
if ($this->accountLocked($username)) {
$this->_lastError = 'This account is currently suspended due '
. 'to too many bad login attempts.';
$this->insertFailedDetail('Account locked', $setArray);
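
Review bot: at the changed `accountLocked($username)` call, nothing visible in this hunk guarantees that `$username` is a non-null string, so a JSON request that omits the username could still reach `accountLocked()` with null and raise the same TypeError. Consider declaring the parameter as `string` on `passwordAuthenticate`, or failing the login on an empty username before the lock check. A regression test that submits an `application/json` login for a locked account would also confirm that the suspension check now runs against the same username that is being authenticated, which was not assured while it read `$_POST['username']`.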