authorredmatrix <git@macgirvin.com>2016-03-17 18:40:03 -0700
committerredmatrix <git@macgirvin.com>2016-03-17 18:40:03 -0700
commit21c1f89eba41490f78302a9bd6c074500de9579b (patch)
treec6e7d87198763a23e67e5ba5e4be166803a486af
parentdf61970b39c4d7e2fbdf031274792b41bd34a2d2 (diff)
SECURITY: DAV authentication issue
-rw-r--r--Zotlabs/Storage/BasicAuth.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index d93525d20..637cd222f 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -110,7 +110,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
if ($x) {
// @fixme this foreach should not be needed?
foreach ($x as $record) {
- if (($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+ if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
logger('password verified for ' . $username);
return $this->setAuthenticated($r[0]);
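Review bot: The password test on the line after the changed condition still compares the computed digest with `===`, which is not a constant-time comparison; `hash_equals($record['account_password'], hash('whirlpool', $record['account_salt'] . $password))` would close that, provided the supported PHP version has hash_equals(). The fix depends on one pair of parentheses that a later edit could easily drop again, so it would be more robust to name the two parts, e.g. `$flags_ok = ($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED);`, and test `if ($flags_ok && $password_ok) {`. The flag tests use loose `==`, which type-juggles whatever the database layer returns; comparing `intval($record['account_flags'])` with `===` would be stricter, though the constants' values are not visible in this hunk. A regression test asserting that a wrong password is rejected for an ACCOUNT_OK account would pin the behaviour this commit restores. The enclosing method starts and ends outside the hunk.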