Not actually a security issue, so opening it up. "Array" is too short for a token by the small mercy of it being a minimum of 5 characters instead of 6.
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/1057878 Title: maharadroid token doesn't reset, new users get token of "array" Status in Mahara ePortfolio: Triaged Bug description: There is a problem with the maharadroid token setting when testing mahara.dev. After setting maharadroid up and uploading a first image successfully, uploading a second image fails. On investigation I noted that the token never changed on the website. So I made a new user on the website to investigate if it was problems with the existing user's settings, and the new user's token field had a default of "array" in it. This is dangerous -- it would make anyone's token actually be the word "array" if they saved their settings page for any reason. Mahara: 1.6/master Maharadroid: 1.8, from play store on Sept 28th 2012 To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1057878/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
