diff options
Diffstat (limited to 'lib/util.php')
-rw-r--r-- | lib/util.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/util.php b/lib/util.php index efd86ad50..e14cc36ac 100644 --- a/lib/util.php +++ b/lib/util.php @@ -493,6 +493,10 @@ function common_munge_password($password, $id) { # check if a username exists and has matching password function common_check_user($nickname, $password) { + # NEVER allow blank passwords, even if they match the DB + if (mb_strlen($password) == 0) { + return false; + } $user = User::staticGet('nickname', $nickname); if (is_null($user)) { return false; |