aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario Vavti <mario@mariovavti.com>2017-09-03 21:49:01 +0200
committerMario Vavti <mario@mariovavti.com>2017-09-03 21:49:01 +0200
commit0fac35686b28825da69c77f9a903e4e24a7036fa (patch)
tree173211151ad2b00b7f0e152b3ab7b9c767ceaed5
parent5ae2d15dc065e89d139dc43d50ac129a557a04c7 (diff)
parent499b7de0d217e5e56819f34dea26cb5d395e2a0b (diff)
downloadvolse-hubzilla-0fac35686b28825da69c77f9a903e4e24a7036fa.tar.gz
volse-hubzilla-0fac35686b28825da69c77f9a903e4e24a7036fa.tar.bz2
volse-hubzilla-0fac35686b28825da69c77f9a903e4e24a7036fa.zip
Merge remote-tracking branch 'mike/master' into dev
-rw-r--r--Zotlabs/Module/Cdav.php2
-rw-r--r--Zotlabs/Module/Dav.php2
-rw-r--r--include/api_auth.php3
3 files changed, 1 insertions, 6 deletions
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index ec177ae2a..abaec26a6 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -64,8 +64,6 @@ class Cdav extends \Zotlabs\Web\Controller {
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
$record = null;
}
-// requires security review
-$record = null;
if($record['account']) {
authenticate_success($record['account']);
if($channel_login) {
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index 5cd0c9c5e..d506fe9f5 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -73,8 +73,6 @@ class Dav extends \Zotlabs\Web\Controller {
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
$record = null;
}
-// requires security review
-$record = null;
if($record['account']) {
authenticate_success($record['account']);
if($channel_login) {
diff --git a/include/api_auth.php b/include/api_auth.php
index 0acd4ac68..0818fa54b 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -85,8 +85,7 @@ function api_login(&$a){
else {
continue;
}
-// requires security review
-$record = null;
+
if($record) {
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {