From 21c1f89eba41490f78302a9bd6c074500de9579b Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Thu, 17 Mar 2016 18:40:03 -0700
Subject: SECURITY: DAV authentication issue

---
 Zotlabs/Storage/BasicAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index d93525d20..637cd222f 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -110,7 +110,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 			if ($x) {
 				// @fixme this foreach should not be needed?
 				foreach ($x as $record) {
-					if (($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
 					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
 						logger('password verified for ' . $username);
 						return $this->setAuthenticated($r[0]);
-- 
cgit v1.2.3