Fixes for related issues:
https://security.drupal.org/node/104803#comment-77068 https://drupal.org/node/2269059 Removed cast to (int) to ensure is_numeric() immediately after doesn't always pass, also added additional check in if statement to be doubly secure Changed so both instances of variable_get('webserver_auth_create_user') default to same value (FALSE)
parent
ea851e2a
Please register or sign in to comment