From 7bff60edacd68ef3dccf6f956e9c57092919950a Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sat, 2 Sep 2017 14:04:37 -0700
Subject: may be exploitable in current form - awaiting review

---
 include/api_auth.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/api_auth.php b/include/api_auth.php
index 0818fa54b..0acd4ac68 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -85,7 +85,8 @@ function api_login(&$a){
 					else {
 						continue;
 					}
-
+// requires security review
+$record = null;
 					if($record) {					
 						$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
 						if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
-- 
cgit v1.2.3