diff options
author | Waitman Gobble <waitman@waitman.net> | 2017-09-18 06:02:14 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-18 06:02:14 -0500 |
commit | b3c805d7d0f62cf322de21f09ba066b418d8712d (patch) | |
tree | 3f29252e977dc4b999472367baa2ed2032c6e293 /README.md | |
parent | 5c379b4d356169b8eada1f6e1851dbc7f5af6933 (diff) | |
download | volse-hubzilla-b3c805d7d0f62cf322de21f09ba066b418d8712d.tar.gz volse-hubzilla-b3c805d7d0f62cf322de21f09ba066b418d8712d.tar.bz2 volse-hubzilla-b3c805d7d0f62cf322de21f09ba066b418d8712d.zip |
prevent 'my_address' being set with bogus info
After a user has authenticated, it is possible to set my_address in $_SESSION to 'anything' using zid= parameter in URL - if user is authenticated then zid is never set. This change kills the authenticated switch if a person sends a new zid through for processing, which will trigger remote authentication.
Diffstat (limited to 'README.md')
0 files changed, 0 insertions, 0 deletions