lib/kolab_api_controller.php

Aleksander Machniak machniak at kolabsys.com
Fri Feb 24 12:07:58 CET 2012


 lib/kolab_api_controller.php |    7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

New commits:
commit 4dbe52463e30dd28998c22ae0ed44cb1c7f21272
Author: Aleksander Machniak <alec at alec.pl>
Date:   Fri Feb 24 12:04:54 2012 +0100

    Session validation is redundant in system.configure, removed

diff --git a/lib/kolab_api_controller.php b/lib/kolab_api_controller.php
index b9885ca..c0e36b6 100644
--- a/lib/kolab_api_controller.php
+++ b/lib/kolab_api_controller.php
@@ -134,8 +134,9 @@ class kolab_api_controller
         $postdata = @json_decode($postdata, true);
 
         console("Calling method " . $method . " on service " . $service);
+
         // validate user session
-        if ($method != 'authenticate') {
+        if ($service != 'system' || $method != 'authenticate') {
             if (!$this->session_validate($postdata)) {
                 throw new Exception("Invalid session", 403);
             }
@@ -363,10 +364,6 @@ class kolab_api_controller
      */
     private function configure($request, $postdata)
     {
-        if (!$this->session_validate($postdata)) {
-            return false;
-        }
-
         $result = array();
 
         foreach ($postdata as $key => $value) {





More information about the commits mailing list