diff options
| author | Mario <mario@mariovavti.com> | 2024-12-22 17:39:58 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2024-12-22 17:39:58 +0000 |
| commit | 648979467a959fa59ad68254c9dec203ff4e0f8a (patch) | |
| tree | 2bd93ab14fe5ee29452054907f0b6476e9693e74 | |
| parent | 5c0ff6f584c34090eaa9a25bd66ac1293fdda957 (diff) | |
| download | volse-hubzilla-648979467a959fa59ad68254c9dec203ff4e0f8a.tar.gz volse-hubzilla-648979467a959fa59ad68254c9dec203ff4e0f8a.tar.bz2 volse-hubzilla-648979467a959fa59ad68254c9dec203ff4e0f8a.zip | |
do not allow a new zid to override an existing remote login - otherwise a prfactored request with an added zid can log us out
| -rw-r--r-- | Zotlabs/Web/WebServer.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 19f14ee8a..d59effc88 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -61,7 +61,7 @@ class WebServer { if (x($_GET,'zid') && $installed) { \App::$query_string = strip_zids(\App::$query_string); if(! local_channel()) { - if (!isset($_SESSION['my_address']) || $_SESSION['my_address'] != $_GET['zid']) { + if (!isset($_SESSION['my_address'])) { $_SESSION['my_address'] = Text::escape_tags($_GET['zid']); $_SESSION['authenticated'] = 0; } |