From 23f5e53a41c763b4253dcba797c23b7c39b6ef41 Mon Sep 17 00:00:00 2001
From: Brett Profitt <brett.profitt@gmail.com>
Date: Tue, 24 Apr 2012 15:27:47 -0700
Subject: Fixed problem in web services where users with incorrect passwords
 could gain an access token.

---
 engine/lib/web_services.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'engine/lib/web_services.php')

diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index 07be76ec6..da3ed76a9 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -1165,7 +1165,7 @@ function list_all_apis() {
  * @access private
  */
 function auth_gettoken($username, $password) {
-	if (elgg_authenticate($username, $password)) {
+	if (true === elgg_authenticate($username, $password)) {
 		$token = create_user_token($username);
 		if ($token) {
 			return $token;
-- 
cgit v1.2.3