diff options
author | zotlabs <mike@macgirvin.com> | 2017-09-03 00:59:51 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-09-03 00:59:51 -0700 |
commit | 499b7de0d217e5e56819f34dea26cb5d395e2a0b (patch) | |
tree | 950cec9c031dd4f1248289a334a92233fdc9dc08 /include/api_auth.php | |
parent | 7bff60edacd68ef3dccf6f956e9c57092919950a (diff) | |
download | volse-hubzilla-499b7de0d217e5e56819f34dea26cb5d395e2a0b.tar.gz volse-hubzilla-499b7de0d217e5e56819f34dea26cb5d395e2a0b.tar.bz2 volse-hubzilla-499b7de0d217e5e56819f34dea26cb5d395e2a0b.zip |
Reviewed. This is OK.
Revert "may be exploitable in current form - awaiting review"
This reverts commit 7bff60edacd68ef3dccf6f956e9c57092919950a.
Diffstat (limited to 'include/api_auth.php')
-rw-r--r-- | include/api_auth.php | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/include/api_auth.php b/include/api_auth.php index 0acd4ac68..0818fa54b 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -85,8 +85,7 @@ function api_login(&$a){ else { continue; } -// requires security review -$record = null; + if($record) { $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { |