aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Zot/Auth.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-09-05 17:12:31 -0700
committerzotlabs <mike@macgirvin.com>2017-09-05 17:12:31 -0700
commit6147f819ce908d7a52f905658e827c48aad92074 (patch)
tree5b1374914c359eab184ea6812778a67036e9f218 /Zotlabs/Zot/Auth.php
parent842a041a888434df7d6312db08ce805c5ee21bf7 (diff)
downloadvolse-hubzilla-6147f819ce908d7a52f905658e827c48aad92074.tar.gz
volse-hubzilla-6147f819ce908d7a52f905658e827c48aad92074.tar.bz2
volse-hubzilla-6147f819ce908d7a52f905658e827c48aad92074.zip
avoid a security patch and resultant compatibility issues; instead restrict the input characters we accept in token verification strings to hex digits. This will all be changing in the coming weeks/months anyway.
Diffstat (limited to 'Zotlabs/Zot/Auth.php')
-rw-r--r--Zotlabs/Zot/Auth.php1
1 files changed, 0 insertions, 1 deletions
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php
index 44f01174e..8d198f506 100644
--- a/Zotlabs/Zot/Auth.php
+++ b/Zotlabs/Zot/Auth.php
@@ -167,7 +167,6 @@ class Auth {
dbesc($hubloc['hubloc_url'])
);
- // needs a nonce!!!!
$p = zot_build_packet($channel,$type = 'auth_check',
array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])),
$hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec);