HTSP: verify channel only when set for autorec/timerec entries, fixes #2892

diff --git a/src/htsp_server.c b/src/htsp_server.c
index 13a16c89489a6deb54dce971ac79272dc361c242..612657ebc25ea70ecc1859c91eaf8988883f20d5 100644 (file)
--- a/src/htsp_server.c
+++ b/src/htsp_server.c
@@ -1737,7 +1737,7 @@ htsp_method_deleteAutorecEntry(htsp_connection_t *htsp, htsmsg_t *in)
     return htsp_error("User does not have access");
 
   /* Check access */
-  if (!htsp_user_access_channel(htsp, dae->dae_channel))
+  if (dae->dae_channel && !htsp_user_access_channel(htsp, dae->dae_channel))
     return htsp_error("User does not have access");
 
   autorec_destroy_by_id(daeId, 1);
@@ -1835,7 +1835,7 @@ htsp_method_deleteTimerecEntry(htsp_connection_t *htsp, htsmsg_t *in)
     return htsp_error("User does not have access");
 
   /* Check access */
-  if (!htsp_user_access_channel(htsp, dte->dte_channel))
+  if (dte->dte_channel && !htsp_user_access_channel(htsp, dte->dte_channel))
     return htsp_error("User does not have access");
 
   timerec_destroy_by_id(dteId, 1);