authorDries Buytaert <dries@buytaert.net>2009-06-30 11:32:08 +0000
committerDries Buytaert <dries@buytaert.net>2009-06-30 11:32:08 +0000
commit00fc298163ec610c55177196ca9550ae38f4e2ea (patch)
tree159dec1d0a2728bcb405c75cbc60aa5df4706271 /install.php
parente4857747ca016f14afd2cc002339bbad5149efb7 (diff)
- Patch #497612 by Moshe Weitzman et al: harden user login by correctly using the form API. Complete commit now. Thank you, thank you.
Diffstat (limited to 'install.php')
-rw-r--r--install.php8
1 files changed, 3 insertions, 5 deletions
diff --git a/install.php b/install.php
index 89d694716..79a8dff56 100644
--- a/install.php
+++ b/install.php
@@ -1158,8 +1158,9 @@ function install_configure_form_submit($form, &$form_state) {
$account = user_load(1);
$merge_data = array('init' => $form_state['values']['mail'], 'roles' => array(), 'status' => 1);
user_save($account, array_merge($form_state['values'], $merge_data));
- // Log in the first user.
- user_authenticate($form_state['values']);
+ // Load global $user and perform final login tasks.
+ $form_state['uid'] = 1;
+ user_login_submit(array(), $form_state);
$form_state['values'] = $form_state['old_values'];
unset($form_state['old_values']);
variable_set('user_email_verification', TRUE);
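Review bot: The added `$form_state['uid'] = 1;` followed by `user_login_submit(array(), $form_state);` establishes a session for the administrator account with no credential check, and without looking at the result of the `user_save()` call on the context line just above. That is presumably acceptable only because this submit handler runs during installation, so the new comment should state the assumption, e.g. `// No authentication step: uid 1 was just saved from this form, and this handler only runs while installing.` It would also be worth checking that `user_save()` did not return FALSE before the login call, so that a failed save does not still end in a logged-in uid 1 session. Note too that `$form_state['uid']` stays set after the call while `$form_state['values']` is restored on the next line; an `unset($form_state['uid']);` would keep the state tidy if nothing later reads it. The body of install_configure_form_submit() starts and ends outside this hunk.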
@@ -1167,9 +1168,6 @@ function install_configure_form_submit($form, &$form_state) {
if (isset($form_state['values']['clean_url'])) {
variable_set('clean_url', $form_state['values']['clean_url']);
}
- // The user is now logged in, but has no session ID yet, which
- // would be required later in the request, so remember it.
- $user->sid = session_id();
// Record when this install ran.
variable_set('install_time', $_SERVER['REQUEST_TIME']);