do not use Accept-Encoding in browser UID
Since Chrome 37, they send differen accept encodings for POST and GET requests which will break BrowserUID checks as reported in cosmocode/dokuwiki-plugin-oauth/issues/3 See https://code.google.com/p/chromium/issues/detail?id=410559 for official bug report at Google
This commit is contained in:
parent
8ab9b36bd8
commit
60aca4b904
|
@ -335,7 +335,6 @@ function auth_browseruid() {
|
|||
$ip = clientIP(true);
|
||||
$uid = '';
|
||||
$uid .= $INPUT->server->str('HTTP_USER_AGENT');
|
||||
$uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING');
|
||||
$uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET');
|
||||
$uid .= substr($ip, 0, strpos($ip, '.'));
|
||||
$uid = strtolower($uid);
|
||||
|
|
Loading…
Reference in New Issue