may be exploitable in current form - awaiting review

author: zotlabs <mike@macgirvin.com> 2017-09-02 14:04:37 -0700
committer: zotlabs <mike@macgirvin.com> 2017-09-02 14:04:37 -0700
commit: 7bff60edacd68ef3dccf6f956e9c57092919950a (patch)
tree: f4b9310abf2370642ae0866c0f7989c509f3781f /include/api_auth.php
parent: 5bffae621979f37740cbfc7d97adf15f95e6c6e8 (diff)
download: volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.tar.gz
volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.tar.bz2
volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/include/api_auth.php b/include/api_auth.php
index 0818fa54b..0acd4ac68 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -85,7 +85,8 @@ function api_login(&$a){
 					else {
 						continue;
 					}
-
+// requires security review
+$record = null;
 					if($record) {					
 						$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
 						if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
author	zotlabs <mike@macgirvin.com>	2017-09-02 14:04:37 -0700
committer	zotlabs <mike@macgirvin.com>	2017-09-02 14:04:37 -0700
commit	7bff60edacd68ef3dccf6f956e9c57092919950a (patch)
tree	f4b9310abf2370642ae0866c0f7989c509f3781f /include/api_auth.php
parent	5bffae621979f37740cbfc7d97adf15f95e6c6e8 (diff)
download	volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.tar.gz volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.tar.bz2 volse-hubzilla-7bff60edacd68ef3dccf6f956e9c57092919950a.zip