Make sure we don't leak the session string when reassigning it.
parent
92a74026a6
commit
0a0b0c1adb
@ -1281,6 +1281,7 @@ static void _httpd_endpoint_login(tf_http_request_t* request)
|
|||||||
{
|
{
|
||||||
if (!have_account && _is_name_valid(account_name) && password && confirm && strcmp(password, confirm) == 0 && _register_account(ssb, account_name, password))
|
if (!have_account && _is_name_valid(account_name) && password && confirm && strcmp(password, confirm) == 0 && _register_account(ssb, account_name, password))
|
||||||
{
|
{
|
||||||
|
tf_free((void*)send_session);
|
||||||
send_session = _make_session_jwt(ssb, account_name);
|
send_session = _make_session_jwt(ssb, account_name);
|
||||||
may_become_first_admin = true;
|
may_become_first_admin = true;
|
||||||
}
|
}
|
||||||
@ -1295,6 +1296,7 @@ static void _httpd_endpoint_login(tf_http_request_t* request)
|
|||||||
if (have_account && _is_name_valid(account_name) && new_password && confirm && strcmp(new_password, confirm) == 0 && _verify_password(password, account_passwd) &&
|
if (have_account && _is_name_valid(account_name) && new_password && confirm && strcmp(new_password, confirm) == 0 && _verify_password(password, account_passwd) &&
|
||||||
_set_account_password(context, db, account_name, new_password))
|
_set_account_password(context, db, account_name, new_password))
|
||||||
{
|
{
|
||||||
|
tf_free((void*)send_session);
|
||||||
send_session = _make_session_jwt(ssb, account_name);
|
send_session = _make_session_jwt(ssb, account_name);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -1307,6 +1309,7 @@ static void _httpd_endpoint_login(tf_http_request_t* request)
|
|||||||
{
|
{
|
||||||
if (have_account && *account_passwd && _verify_password(password, account_passwd))
|
if (have_account && *account_passwd && _verify_password(password, account_passwd))
|
||||||
{
|
{
|
||||||
|
tf_free((void*)send_session);
|
||||||
send_session = _make_session_jwt(ssb, account_name);
|
send_session = _make_session_jwt(ssb, account_name);
|
||||||
may_become_first_admin = true;
|
may_become_first_admin = true;
|
||||||
}
|
}
|
||||||
@ -1318,6 +1321,7 @@ static void _httpd_endpoint_login(tf_http_request_t* request)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
tf_free((void*)send_session);
|
||||||
send_session = _make_session_jwt(ssb, "guest");
|
send_session = _make_session_jwt(ssb, "guest");
|
||||||
}
|
}
|
||||||
tf_free(post_form_data);
|
tf_free(post_form_data);
|
||||||
|
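Review bot: The same free-then-reassign pair, `tf_free((void*)send_session); send_session = _make_session_jwt(...)`, is now hand-copied at four sites in `_httpd_endpoint_login` (the register, change-password, login and guest branches), so any future reassignment that omits the free brings the leak back. A small static helper that frees the old value and stores the new one (for example a call shaped like `_replace_session(&send_session, _make_session_jwt(ssb, account_name));`, name only suggested) would keep the ownership rule in one place. The `(void*)` cast suggests `send_session` is declared `const char*` although it owns heap memory; the declaration is outside these hunks, but if so, declaring it `char*` would remove the casts and make the ownership visible. Since the string is a session token, a comment at the declaration should also say whether `tf_free` is expected to leave the old token bytes in freed memory, which cannot be determined from here. The function begins and ends outside the hunks, so the initial assignment and the final release of `send_session` could not be checked.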