aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-09-03 00:59:51 -0700
committerzotlabs <mike@macgirvin.com>2017-09-03 00:59:51 -0700
commit499b7de0d217e5e56819f34dea26cb5d395e2a0b (patch)
tree950cec9c031dd4f1248289a334a92233fdc9dc08 /include
parent7bff60edacd68ef3dccf6f956e9c57092919950a (diff)
downloadvolse-hubzilla-499b7de0d217e5e56819f34dea26cb5d395e2a0b.tar.gz
volse-hubzilla-499b7de0d217e5e56819f34dea26cb5d395e2a0b.tar.bz2
volse-hubzilla-499b7de0d217e5e56819f34dea26cb5d395e2a0b.zip
Reviewed. This is OK.
Revert "may be exploitable in current form - awaiting review" This reverts commit 7bff60edacd68ef3dccf6f956e9c57092919950a.
Diffstat (limited to 'include')
-rw-r--r--include/api_auth.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/include/api_auth.php b/include/api_auth.php
index 0acd4ac68..0818fa54b 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -85,8 +85,7 @@ function api_login(&$a){
else {
continue;
}
-// requires security review
-$record = null;
+
if($record) {
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {