From 6147f819ce908d7a52f905658e827c48aad92074 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Tue, 5 Sep 2017 17:12:31 -0700
Subject: avoid a security patch and resultant compatibility issues; instead
 restrict the input characters we accept in token verification strings to hex
 digits. This will all be changing in the coming weeks/months anyway.

---
 Zotlabs/Zot/Auth.php | 1 -
 1 file changed, 1 deletion(-)

(limited to 'Zotlabs/Zot')

diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php
index 44f01174e..8d198f506 100644
--- a/Zotlabs/Zot/Auth.php
+++ b/Zotlabs/Zot/Auth.php
@@ -167,7 +167,6 @@ class Auth {
 			dbesc($hubloc['hubloc_url'])
 		);
 
-		// needs a nonce!!!!
 		$p = zot_build_packet($channel,$type = 'auth_check', 
 			array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), 
 			$hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec);
-- 
cgit v1.2.3