src/applications/auth/storage/PhabricatorAuthChallenge.php
Context not available. | |||||
assert_instances_of($challenges, __CLASS__); | assert_instances_of($challenges, __CLASS__); | ||||
$token_list = $request->getStr(self::HTTPKEY); | $token_list = $request->getStr(self::HTTPKEY); | ||||
$token_list = explode(' ', $token_list); | $token_list = @explode(' ', $token_list); | ||||
$token_map = array(); | $token_map = array(); | ||||
foreach ($token_list as $token_element) { | foreach ($token_list as $token_element) { | ||||
$token_element = trim($token_element, ' '); | $token_element = trim($token_element, ' '); | ||||
if (!strlen($token_element)) { | if (!@strlen($token_element)) { | ||||
continue; | continue; | ||||
} | } | ||||
// NOTE: This error message is intentionally not printing the token to | // NOTE: This error message is intentionally not printing the token to | ||||
// avoid disclosing it. As a result, it isn't terribly useful, but no | // avoid disclosing it. As a result, it isn't terribly useful, but no | ||||
// normal user should ever end up here. | // normal user should ever end up here. | ||||
if (!preg_match('/^[^:]+:/', $token_element)) { | if (!@preg_match('/^[^:]+:/', $token_element)) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'This request included an improperly formatted MFA challenge '. | 'This request included an improperly formatted MFA challenge '. | ||||
'token and can not be processed.')); | 'token and can not be processed.')); | ||||
} | } | ||||
list($phid, $token) = explode(':', $token_element, 2); | list($phid, $token) = @explode(':', $token_element, 2); | ||||
if (isset($token_map[$phid])) { | if (isset($token_map[$phid])) { | ||||
throw new Exception( | throw new Exception( | ||||
Context not available. | |||||
'set a new response token.')); | 'set a new response token.')); | ||||
} | } | ||||
if (preg_match('/ /', $token->openEnvelope())) { | if (@preg_match('/ /', $token->openEnvelope())) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'The response token for this challenge is invalid: response '. | 'The response token for this challenge is invalid: response '. | ||||
Context not available. |
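Review bot: The `@` added in front of `preg_match('/ /', $token->openEnvelope())` lets the whitespace check on the MFA response token fail open without a trace: `preg_match` returns `false` on error, the `if` treats that the same as "no space found", and the suppressed warning would normally not be reported. A plain substring test such as `if (strpos($token->openEnvelope(), ' ') !== false) {` has no error path to hide. The other `@` operators on `explode`, `strlen` and the first `preg_match` presumably silence null-argument deprecations when the token parameter is absent; if so, normalising once with `$token_list = (string)$request->getStr(self::HTTPKEY);` would make suppression unnecessary in this parsing code. The enclosing method begins and ends outside the visible hunks, so this rests only on the lines shown.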