jeans/Tasmota
jeans/Tasmota
1
0
Fork 0
mirror of https://github.com/arendst/Tasmota.git synced 2025-07-24 11:16:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix web request accepts wrong password

Browse Source 
Fix web request accepts wrong password (#11039)
This commit is contained in:
Theo Arends 2021-02-21 14:17:51 +01:00
parent 7a911b328f
commit d84b5fdfd8
3 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -13,6 +13,7 @@ All notable changes to this project will be documented in this file.
- Shutter driver (#11055)
- ESP32 Mi32 driver (#11048)
- TM1637 driver now needs ``TM1637 CLK`` and ``TM1637 DIO`` to enable (#11057)
- Web request accepts wrong password (#11039)
## [Released]

1
RELEASENOTES.md
View File

@ -88,3 +88,4 @@ The attached binaries can also be downloaded from http://ota.tasmota.com/tasmota
- Shutter driver [#11055](https://github.com/arendst/Tasmota/issues/11055)
- ESP32 Mi32 driver [#11048](https://github.com/arendst/Tasmota/issues/11048)
- TM1637 driver now needs ``TM1637 CLK`` and ``TM1637 DIO`` to enable [#11057](https://github.com/arendst/Tasmota/issues/11057)
- Web request accepts wrong password [#11039](https://github.com/arendst/Tasmota/issues/11039)

2
tasmota/xdrv_01_webserver.ino
View File

@ -2676,7 +2676,7 @@ void HandleHttpCommand(void)
// Prefer authorization via HTTP header (Basic auth), if it fails, use legacy method via GET parameters
char tmp1[33];
WebGetArg(PSTR("user"), tmp1, sizeof(tmp1));
char tmp2[strlen(SettingsText(SET_WEBPWD)) + 1];
char tmp2[strlen(SettingsText(SET_WEBPWD)) + 2]; // Need space for an entered password longer than set password
WebGetArg(PSTR("password"), tmp2, sizeof(tmp2));
if (!(!strcmp(tmp1, WEB_USERNAME) && !strcmp(tmp2, SettingsText(SET_WEBPWD)))) {