harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'mike/master' into dev

Browse Source
This commit is contained in:
Mario Vavti 2017-09-02 23:52:31 +02:00
commit 1a0cf2666a
3 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Zotlabs/Module/Cdav.php
View File

@ -64,6 +64,8 @@ class Cdav extends \Zotlabs\Web\Controller {
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
$record = null; $record = null;
} }
// requires security review
$record = null;
if($record['account']) { if($record['account']) {
authenticate_success($record['account']); authenticate_success($record['account']);
if($channel_login) { if($channel_login) {

2
Zotlabs/Module/Dav.php
View File

@ -73,6 +73,8 @@ class Dav extends \Zotlabs\Web\Controller {
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
$record = null; $record = null;
} }
// requires security review
$record = null;
if($record['account']) { if($record['account']) {
authenticate_success($record['account']); authenticate_success($record['account']);
if($channel_login) { if($channel_login) {

3
include/api_auth.php
View File

@ -85,7 +85,8 @@ function api_login(&$a){
else { else {
continue; continue;
} }
// requires security review
$record = null;
if($record) { if($record) {
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {