harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #862 from waitman/patch-4

Browse Source 
prevent 'my_address' being set with bogus info
This commit is contained in:
git-marijus
2017-09-28 11:01:01 +02:00
committed by GitHub
parent 617f2863c4 b3c805d7d0
commit 98e0534984
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Zotlabs/Web/WebServer.php
View File

@@ -58,7 +58,11 @@ class WebServer {
if((x($_GET,'zid')) && (! \App::$install)) {
\App::$query_string = strip_zids(\App::$query_string);
if(! local_channel()) {
$_SESSION['my_address'] = $_GET['zid'];
if ($_SESSION['my_address']!=$_GET['zid'])
{
$_SESSION['my_address'] = $_GET['zid'];
$_SESSION['authenticated'] = 0;
}
zid_init();
}
}