diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-19 01:36:16 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-12-19 01:36:16 +0000 |
| commit | 9661434379a94791031604a4a5094f5631351457 (patch) | |
| tree | e9e0b02f6386efad2e1825ce0f3f5a7ec368fe61 /server | |
| parent | 77bc16f52520efe50ea0664b11f235897239a482 (diff) | |
| download | ampache-9661434379a94791031604a4a5094f5631351457.tar.gz ampache-9661434379a94791031604a4a5094f5631351457.tar.bz2 ampache-9661434379a94791031604a4a5094f5631351457.zip | |
fixed three bugs found by purdyk with the api
Diffstat (limited to 'server')
| -rw-r--r-- | server/xml.server.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/server/xml.server.php b/server/xml.server.php index d1464dca..10da2e97 100644 --- a/server/xml.server.php +++ b/server/xml.server.php @@ -47,7 +47,7 @@ if (!Config::get('access_control')) { * Verify the existance of the Session they passed in we do allow them to * login via this interface so we do have an exception for action=login */ -if ((!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'])) { +if ((!Access::session_exists(array(),$_REQUEST['auth'],'api') AND $_REQUEST['action'] != 'handshake') || !Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { debug_event('Access Denied','Invalid Session or unathorized access attempt to API','5'); ob_end_clean(); echo xmlData::error('Access Denied due to ACL or unauthorized access attempt to API, attempt logged'); |