Merge pull request #862 from waitman/patch-4
prevent 'my_address' being set with bogus info
This commit is contained in:
@@ -58,7 +58,11 @@ class WebServer {
|
|||||||
if((x($_GET,'zid')) && (! \App::$install)) {
|
if((x($_GET,'zid')) && (! \App::$install)) {
|
||||||
\App::$query_string = strip_zids(\App::$query_string);
|
\App::$query_string = strip_zids(\App::$query_string);
|
||||||
if(! local_channel()) {
|
if(! local_channel()) {
|
||||||
|
if ($_SESSION['my_address']!=$_GET['zid'])
|
||||||
|
{
|
||||||
$_SESSION['my_address'] = $_GET['zid'];
|
$_SESSION['my_address'] = $_GET['zid'];
|
||||||
|
$_SESSION['authenticated'] = 0;
|
||||||
|
}
|
||||||
zid_init();
|
zid_init();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user