diff options
Diffstat (limited to 'application/core')
| -rw-r--r-- | application/core/MY_Controller.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php index 1e724a865..fc08b10ae 100644 --- a/application/core/MY_Controller.php +++ b/application/core/MY_Controller.php @@ -66,7 +66,13 @@ class MY_Controller extends CI_Controller { show_error("Function not JSON enabled"); } - if ($this->input->post("apikey") !== false) { + if ($this->uri->segment(1) == "api") { + is_cli_client(true); + } + + if ($this->input->post("apikey") !== false + || ($this->input->post("username") !== false + && $this->input->post("password") !== false)) { /* This relies on the authentication code always verifying the supplied * apikey. If the key is not verified/logged in an attacker could simply * add an empty "apikey" field to the CSRF form to circumvent the |