From 5eb6d7bc05993308fb8a1a88d95bcb08dc450d43 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Thu, 17 May 2018 22:07:20 +0200
Subject: [PATCH] Regenerate session id after public share auth

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 apps/files_sharing/lib/Controller/ShareController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 3669d8fda460a..f8749526900ed 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -204,6 +204,7 @@ public function authenticate($token, $password = '') {
 	private function linkShareAuth(\OCP\Share\IShare $share, $password = null) {
 		if ($password !== null) {
 			if ($this->shareManager->checkPassword($share, $password)) {
+				$this->session->regenerateId();
 				$this->session->set('public_link_authenticated', (string)$share->getId());
 			} else {
 				$this->emitAccessShareHook($share, 403, 'Wrong password');