Merge pull request #862 from waitman/patch-4

prevent 'my_address' being set with bogus info
author: git-marijus <mario@mariovavti.com> 2017-09-28 11:01:01 +0200
committer: GitHub <noreply@github.com> 2017-09-28 11:01:01 +0200
commit: 98e05349848956659f081975bd704f368fd2372c (patch)
tree: 6546c62504a02db39b34b80913c654e5fb8bf31c /Zotlabs/Web/WebServer.php
parent: 617f2863c47ba306e8d866ea76f7120ae4465427 (diff)
parent: b3c805d7d0f62cf322de21f09ba066b418d8712d (diff)
download: volse-hubzilla-98e05349848956659f081975bd704f368fd2372c.tar.gz
volse-hubzilla-98e05349848956659f081975bd704f368fd2372c.tar.bz2
volse-hubzilla-98e05349848956659f081975bd704f368fd2372c.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index 65b772fee..0ee735818 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -58,7 +58,11 @@ class WebServer {
 		if((x($_GET,'zid')) && (! \App::$install)) {
 			\App::$query_string = strip_zids(\App::$query_string);
 			if(! local_channel()) {
-				$_SESSION['my_address'] = $_GET['zid'];
+                                if ($_SESSION['my_address']!=$_GET['zid'])
+                                {
+                                        $_SESSION['my_address'] = $_GET['zid'];
+                                        $_SESSION['authenticated'] = 0;
+                                }
 				zid_init();
 			}
 		}
author	git-marijus <mario@mariovavti.com>	2017-09-28 11:01:01 +0200
committer	GitHub <noreply@github.com>	2017-09-28 11:01:01 +0200
commit	98e05349848956659f081975bd704f368fd2372c (patch)
tree	6546c62504a02db39b34b80913c654e5fb8bf31c /Zotlabs/Web/WebServer.php
parent	617f2863c47ba306e8d866ea76f7120ae4465427 (diff)
parent	b3c805d7d0f62cf322de21f09ba066b418d8712d (diff)
download	volse-hubzilla-98e05349848956659f081975bd704f368fd2372c.tar.gz volse-hubzilla-98e05349848956659f081975bd704f368fd2372c.tar.bz2 volse-hubzilla-98e05349848956659f081975bd704f368fd2372c.zip