From 1f3023f33dc3ef0e87fb70f1cdc47240c86b1ee9 Mon Sep 17 00:00:00 2001 From: Dario Solera Date: Tue, 16 Mar 2010 06:09:24 +0000 Subject: [PATCH] Fixed possible issue in TryCookieLogin (null username and/or loginKey). --- AssemblyVersion.cs | 4 ++-- Core/Users.cs | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/AssemblyVersion.cs b/AssemblyVersion.cs index 42e726c..2b30435 100644 --- a/AssemblyVersion.cs +++ b/AssemblyVersion.cs @@ -16,5 +16,5 @@ using System.Reflection; // // You can specify all the values or you can default the Revision and Build Numbers // by using the '*' as shown below: -[assembly: AssemblyVersion("3.0.2.510")] -[assembly: AssemblyFileVersion("3.0.2.510")] +[assembly: AssemblyVersion("3.0.2.511")] +[assembly: AssemblyFileVersion("3.0.2.511")] diff --git a/Core/Users.cs b/Core/Users.cs index 4b3e732..4243b3e 100644 --- a/Core/Users.cs +++ b/Core/Users.cs @@ -635,6 +635,8 @@ namespace ScrewTurn.Wiki { /// The login key. /// The correct UserInfo object, or null. public static UserInfo TryCookieLogin(string username, string loginKey) { + if(string.IsNullOrEmpty(username) || string.IsNullOrEmpty(loginKey)) return null; + if(username == "admin" && loginKey == ComputeLoginKey(username, Settings.ContactEmail, DateTime.MinValue)) { // Just return, no notification to providers because the "admin" account is fictitious return GetAdministratorAccount();