projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 701eb30) | patch
Use timing safe comparison to validate `state` parameter for social login
authorNiklas (Krymonota) <Krymonota@users.noreply.github.com>
Wed, 12 Aug 2020 13:59:26 +0000 (15:59 +0200)
committerNiklas (Krymonota) <Krymonota@users.noreply.github.com>
Wed, 12 Aug 2020 13:59:26 +0000 (15:59 +0200)
commit19bb3987ae12e5f151f91452f93cfa7ea1661d66
tree236f6ca915c13b541ce74948c86f0c2931014fcatree | snapshot (tar.gz zip)
parent701eb30efe8535691f7dae9be1914c7ea7d09ccacommit | diff
Use timing safe comparison to validate `state` parameter for social login

The Twitter social login is left out because the implementation still uses OAuth 1.0, which does not support the `state` parameter.

Closes #3501
wcfsetup/install/files/lib/action/FacebookAuthAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/action/GithubAuthAction.class.php diff | blob | blame | history
wcfsetup/install/files/lib/action/GoogleAuthAction.class.php diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)