Blame sticky-notes-0.4-dont-use-eval-for-login.patch
|
 |
1b21e70 |
diff --git a/classes/class_auth.php b/classes/class_auth.php
|
|
|
1b21e70 |
index 4ca4335..72ad9a9 100644
|
|
|
1b21e70 |
--- a/classes/class_auth.php
|
|
|
1b21e70 |
+++ b/classes/class_auth.php
|
|
|
1b21e70 |
@@ -46,22 +46,14 @@ function login($username, $password)
|
|
|
1b21e70 |
{
|
|
|
1b21e70 |
global $config, $db;
|
|
|
1b21e70 |
|
|
|
1b21e70 |
- // Get authentication method
|
|
|
1b21e70 |
- $method = $config->auth_method;
|
|
|
1b21e70 |
+ // Get authentication method callback
|
|
|
1b21e70 |
+ $callback = array($this, "authenticate_{$config->auth_method}");
|
|
|
1b21e70 |
|
|
|
1b21e70 |
- // Check if the auth method is implemented
|
|
|
1b21e70 |
- if (method_exists($this, "authenticate_{$method}"))
|
|
|
1b21e70 |
+ // Execute the method if it exists
|
|
|
1b21e70 |
+ if (is_callable($callback))
|
|
|
1b21e70 |
{
|
|
|
1b21e70 |
- // Create a new session
|
|
|
1b21e70 |
$this->create_session();
|
|
|
1b21e70 |
-
|
|
|
1b21e70 |
- // Generate the delegate and execute the method
|
|
|
1b21e70 |
- $delegate = '$auth_status = $this->authenticate_' . $method .
|
|
|
1b21e70 |
- '("' . $username . '", "' . $password . '");';
|
|
|
1b21e70 |
- eval($delegate);
|
|
|
1b21e70 |
-
|
|
|
1b21e70 |
- // Return the authentication status returned by the delegate
|
|
|
1b21e70 |
- return $auth_status;
|
|
|
1b21e70 |
+ return call_user_func($callback, $username, $password);
|
|
|
1b21e70 |
}
|
|
|
1b21e70 |
|
|
|
1b21e70 |
// Method not implemented, invalidate user
|