From 7bff60edacd68ef3dccf6f956e9c57092919950a Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sat, 2 Sep 2017 14:04:37 -0700
Subject: may be exploitable in current form - awaiting review

---
 Zotlabs/Module/Cdav.php | 2 ++
 Zotlabs/Module/Dav.php  | 2 ++
 2 files changed, 4 insertions(+)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index abaec26a6..ec177ae2a 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -64,6 +64,8 @@ class Cdav extends \Zotlabs\Web\Controller {
 								if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
 									$record = null;
 								}
+// requires security review
+$record = null;
 								if($record['account']) {
 							        authenticate_success($record['account']);
 							        if($channel_login) {
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index d506fe9f5..5cd0c9c5e 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -73,6 +73,8 @@ class Dav extends \Zotlabs\Web\Controller {
 							if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
 								$record = null;
 							}
+// requires security review
+$record = null;
 							if($record['account']) {
 						        authenticate_success($record['account']);
 						        if($channel_login) {
-- 
cgit v1.2.3