harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

may be exploitable in current form - awaiting review

Browse Source
This commit is contained in:
zotlabs
2017-09-02 14:04:37 -07:00
parent 5bffae6219
commit 7bff60edac
3 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/api_auth.php
View File

@@ -85,7 +85,8 @@ function api_login(&$a){
else {
continue;
}
// requires security review
$record = null;
if($record) {
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {