PsychoticNinja/Stikked
1
0
Fork 0
mirror of https://github.com/claudehohl/Stikked.git synced 2025-04-26 04:51:08 -05:00
Code Issues Projects Releases Wiki Activity

fixed security bug when ldap is enabled, the api was still accessible without auth

Browse Source
This commit is contained in:
Th3R3p0 2017-03-21 20:14:07 -04:00
parent 8db301b87d
commit e5afab8429
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/application/controllers/Api.php
View File

@ -26,6 +26,13 @@ class Api extends Main
{ {
die("The API has been disabled\n"); die("The API has been disabled\n");
} }
// if ldap is configured and no api token is configured, fail the request
if ((config_item('require_auth') == true) && (config_item('apikey') == ''))
{
die("API key not configured");
}
} }
function index() function index()