HTSP: verify channel only when set for autorec/timerec entries, fixes #2892

diff --git a/src/htsp_server.c b/src/htsp_server.c
index 24a8e6a9caa57b01ba190774a87b3ef4f45396ef..4704dfdb3f10e26b934171df1ce187a0fe6f3a5e 100644 (file)
--- a/src/htsp_server.c
+++ b/src/htsp_server.c
@@ -1746,7 +1746,7 @@ htsp_method_deleteAutorecEntry(htsp_connection_t *htsp, htsmsg_t *in)
     return htsp_error("User does not have access");
 
   /* Check access */
-  if (!htsp_user_access_channel(htsp, dae->dae_channel))
+  if (dae->dae_channel && !htsp_user_access_channel(htsp, dae->dae_channel))
     return htsp_error("User does not have access");
 
   autorec_destroy_by_id(daeId, 1);
@@ -1842,7 +1842,7 @@ htsp_method_deleteTimerecEntry(htsp_connection_t *htsp, htsmsg_t *in)
     return htsp_error("User does not have access");
 
   /* Check access */
-  if (!htsp_user_access_channel(htsp, dte->dte_channel))
+  if (dte->dte_channel && !htsp_user_access_channel(htsp, dte->dte_channel))
     return htsp_error("User does not have access");
 
   timerec_destroy_by_id(dteId, 1);