maharadroid token doesn't reset, new users get token of "array"
Bug #1057878 reported by
Melissa Draper
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Critical
|
Melissa Draper |
Bug Description
There is a problem with the maharadroid token setting when testing mahara.dev.
After setting maharadroid up and uploading a first image successfully, uploading a second image fails. On investigation I noted that the token never changed on the website.
So I made a new user on the website to investigate if it was problems with the existing user's settings, and the new user's token field had a default of "array" in it.
This is dangerous -- it would make anyone's token actually be the word "array" if they saved their settings page for any reason.
Mahara: 1.6/master
Maharadroid: 1.8, from play store on Sept 28th 2012
Changed in mahara: | |
assignee: | nobody → Melissa Draper (melissa) |
status: | Triaged → In Progress |
Changed in mahara: | |
status: | In Progress → Fix Committed |
milestone: | 1.6.0 → 1.6.1 |
To post a comment you must log in.
Not actually a security issue, so opening it up.
"Array" is too short for a token by the small mercy of it being a minimum of 5 characters instead of 6.