diff options
author | redmatrix <git@macgirvin.com> | 2016-03-17 18:40:03 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-03-17 18:40:03 -0700 |
commit | 21c1f89eba41490f78302a9bd6c074500de9579b (patch) | |
tree | c6e7d87198763a23e67e5ba5e4be166803a486af | |
parent | df61970b39c4d7e2fbdf031274792b41bd34a2d2 (diff) | |
download | volse-hubzilla-21c1f89eba41490f78302a9bd6c074500de9579b.tar.gz volse-hubzilla-21c1f89eba41490f78302a9bd6c074500de9579b.tar.bz2 volse-hubzilla-21c1f89eba41490f78302a9bd6c074500de9579b.zip |
SECURITY: DAV authentication issue
-rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index d93525d20..637cd222f 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -110,7 +110,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { if ($x) { // @fixme this foreach should not be needed? foreach ($x as $record) { - if (($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) + if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) { logger('password verified for ' . $username); return $this->setAuthenticated($r[0]); |