diff options
author | Mario Vavti <mario@mariovavti.com> | 2017-09-03 21:49:01 +0200 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2017-09-03 21:49:01 +0200 |
commit | 0fac35686b28825da69c77f9a903e4e24a7036fa (patch) | |
tree | 173211151ad2b00b7f0e152b3ab7b9c767ceaed5 | |
parent | 5ae2d15dc065e89d139dc43d50ac129a557a04c7 (diff) | |
parent | 499b7de0d217e5e56819f34dea26cb5d395e2a0b (diff) | |
download | volse-hubzilla-0fac35686b28825da69c77f9a903e4e24a7036fa.tar.gz volse-hubzilla-0fac35686b28825da69c77f9a903e4e24a7036fa.tar.bz2 volse-hubzilla-0fac35686b28825da69c77f9a903e4e24a7036fa.zip |
Merge remote-tracking branch 'mike/master' into dev
-rw-r--r-- | Zotlabs/Module/Cdav.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Dav.php | 2 | ||||
-rw-r--r-- | include/api_auth.php | 3 |
3 files changed, 1 insertions, 6 deletions
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index ec177ae2a..abaec26a6 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -64,8 +64,6 @@ class Cdav extends \Zotlabs\Web\Controller { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { $record = null; } -// requires security review -$record = null; if($record['account']) { authenticate_success($record['account']); if($channel_login) { diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 5cd0c9c5e..d506fe9f5 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -73,8 +73,6 @@ class Dav extends \Zotlabs\Web\Controller { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { $record = null; } -// requires security review -$record = null; if($record['account']) { authenticate_success($record['account']); if($channel_login) { diff --git a/include/api_auth.php b/include/api_auth.php index 0acd4ac68..0818fa54b 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -85,8 +85,7 @@ function api_login(&$a){ else { continue; } -// requires security review -$record = null; + if($record) { $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { |