aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
diff options
context:
space:
mode:
authorWaitman Gobble <waitman@waitman.net>2017-09-18 06:02:14 -0500
committerGitHub <noreply@github.com>2017-09-18 06:02:14 -0500
commitb3c805d7d0f62cf322de21f09ba066b418d8712d (patch)
tree3f29252e977dc4b999472367baa2ed2032c6e293 /README.md
parent5c379b4d356169b8eada1f6e1851dbc7f5af6933 (diff)
downloadvolse-hubzilla-b3c805d7d0f62cf322de21f09ba066b418d8712d.tar.gz
volse-hubzilla-b3c805d7d0f62cf322de21f09ba066b418d8712d.tar.bz2
volse-hubzilla-b3c805d7d0f62cf322de21f09ba066b418d8712d.zip
prevent 'my_address' being set with bogus info
After a user has authenticated, it is possible to set my_address in $_SESSION to 'anything' using zid= parameter in URL - if user is authenticated then zid is never set. This change kills the authenticated switch if a person sends a new zid through for processing, which will trigger remote authentication.
Diffstat (limited to 'README.md')
0 files changed, 0 insertions, 0 deletions