Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix 0013901: SOAP API allows invoking methods without proper authenti…

…cation

Note: only applied to 1.2.x not 'next', as the code is changing anyway
  • Loading branch information...
commit f5106be52cf6aa72c521f388e4abb5f0de1f1d7f 1 parent 069239e
root authored
Showing with 5 additions and 0 deletions.
  1. +5 −0 api/soap/mc_api.php
View
5 api/soap/mc_api.php
@@ -51,6 +51,11 @@ function mci_check_login( $p_username, $p_password ) {
# do not use password validation.
$p_password = null;
+ } else {
+ if( is_blank( $p_password ) ) {
+ # require password for authenticated access
+ return false;
+ }
}
if( false === auth_attempt_script_login( $p_username, $p_password ) ) {
Please sign in to comment.
Something went wrong with that request. Please try again.