mirror/mailcow-dockerized
2
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-09 08:50:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

restrict webauthn-tfa-get-args sql query

Browse Source
This commit is contained in:
FreddleSpl0it 2022-05-18 09:39:50 +02:00
parent 3c9502f241
commit 4ec982163e
No known key found for this signature in database
GPG Key ID: F1B3BE8A3BBA3451
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
data/web/json_api.php
View File

@ -452,7 +452,7 @@ if (isset($_GET['query'])) {
}
break;
case "webauthn-tfa-get-args":
$stmt = $pdo->prepare("SELECT `keyHandle` FROM `tfa` WHERE username = :username");
$stmt = $pdo->prepare("SELECT `keyHandle` FROM `tfa` WHERE username = :username AND authmech = `webauthn`");
$stmt->execute(array(':username' => $_SESSION['pending_mailcow_cc_username']));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (count($rows) == 0) {