iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #2424 remove connection by header from API key validation

Browse Source 
Simplifies the API key validation in auth_key_login by removing the requirement for connection_by_header. Now, API keys matching the pattern are accepted regardless of the connection source.
This commit is contained in:
Linty
2025-10-29 11:49:19 +01:00
parent b416bdb7c9
commit d6a1cf0466
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/functions_user.inc.php
View File

@@ -1677,10 +1677,7 @@ function auth_key_login($auth_key, $connection_by_header=false)
{
$valid_key = 'auth_key';
}
else if (
preg_match('/^pkid-\d{8}-[a-z0-9]{20}:[a-z0-9]{40}$/i', $auth_key)
and $connection_by_header
)
else if (preg_match('/^pkid-\d{8}-[a-z0-9]{20}:[a-z0-9]{40}$/i', $auth_key))
{
$valid_key = 'api_key';
$tmp_key = explode(':', $auth_key);