summaryrefslogtreecommitdiffstats
path: root/lib/kolab_api_controller.php
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2012-02-24 12:04:54 +0100
committerAleksander Machniak <alec@alec.pl>2012-02-24 12:04:54 +0100
commit4dbe52463e30dd28998c22ae0ed44cb1c7f21272 (patch)
treebba870c2b1256d5edc88b2e347305500969b53e1 /lib/kolab_api_controller.php
parent4b616974b6ecf5d66fa1b8aeb84f381e45844255 (diff)
downloadwebadmin-4dbe52463e30dd28998c22ae0ed44cb1c7f21272.tar.gz
Session validation is redundant in system.configure, removed
Diffstat (limited to 'lib/kolab_api_controller.php')
-rw-r--r--lib/kolab_api_controller.php7
1 files changed, 2 insertions, 5 deletions
diff --git a/lib/kolab_api_controller.php b/lib/kolab_api_controller.php
index b9885ca..c0e36b6 100644
--- a/lib/kolab_api_controller.php
+++ b/lib/kolab_api_controller.php
@@ -134,8 +134,9 @@ class kolab_api_controller
$postdata = @json_decode($postdata, true);
console("Calling method " . $method . " on service " . $service);
+
// validate user session
- if ($method != 'authenticate') {
+ if ($service != 'system' || $method != 'authenticate') {
if (!$this->session_validate($postdata)) {
throw new Exception("Invalid session", 403);
}
@@ -363,10 +364,6 @@ class kolab_api_controller
*/
private function configure($request, $postdata)
{
- if (!$this->session_validate($postdata)) {
- return false;
- }
-
$result = array();
foreach ($postdata as $key => $value) {