< PHPCRED-26: Check PHPCredLocker on a Raspberry Pi
PHPCRED-28: Users won't be able to log-in if they access through a reverse proxy using a different hostname >
PHPCRED-27: An Injected Session will still be accepted if the Sessionkey is blank
Fixed (2014-11-11 19:37:29)
: 2014-07-28 16:02:56
Time Spent Working
When the filesystem is checked for the corresponding key, it's not checked whether the sessionkey is empty, and so a null value could be accepted (it'll probably break other things if it is, but best to catch it early).
Toggle State Changes
This issue was fixed a little while back -
btasker changed status from 'Open' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed status from 'Resolved' to 'Closed'