From 8ec45870a3f1d9dfb633a39b7b8a7c4911533d9e Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Fri, 10 Aug 2012 15:27:10 +0200
Subject: [PATCH] Validate cookie properly and prevent auth bypass BIG (!)
 thanks to Julien CAYSSOL

---
 lib/base.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/base.php b/lib/base.php
index 3a65b30ae9f..0730e5ff3a9 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -489,7 +489,7 @@ class OC{
 		}
 		// confirm credentials in cookie
 		if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
-		OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
+		OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token']) {
 			OC_User::setUserId($_COOKIE['oc_username']);
 			OC_Util::redirectToDefaultPage();
 		}
-- 
GitLab