diff options
author | zotlabs <mike@macgirvin.com> | 2017-09-02 14:04:37 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-09-02 14:04:37 -0700 |
commit | 7bff60edacd68ef3dccf6f956e9c57092919950a (patch) | |
tree | f4b9310abf2370642ae0866c0f7989c509f3781f /Zotlabs | |
parent | 5bffae621979f37740cbfc7d97adf15f95e6c6e8 (diff) | |
download | volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.tar.gz volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.tar.bz2 volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.zip |
may be exploitable in current form - awaiting review
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Cdav.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Dav.php | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index abaec26a6..ec177ae2a 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -64,6 +64,8 @@ class Cdav extends \Zotlabs\Web\Controller { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { $record = null; } +// requires security review +$record = null; if($record['account']) { authenticate_success($record['account']); if($channel_login) { diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index d506fe9f5..5cd0c9c5e 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -73,6 +73,8 @@ class Dav extends \Zotlabs\Web\Controller { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { $record = null; } +// requires security review +$record = null; if($record['account']) { authenticate_success($record['account']); if($channel_login) { |