mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 16:33:00 +00:00
Fix access by secret when login is forced
This commit is contained in:
parent
a63d83bc34
commit
6adb919c2a
1 changed files with 1 additions and 1 deletions
2
core.php
2
core.php
|
@ -1337,7 +1337,7 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
|
||||||
// Note we use $_GET here because $env->action isn't populated at this point
|
// Note we use $_GET here because $env->action isn't populated at this point
|
||||||
if($settings->require_login_view === true && // If this site requires a login in order to view pages
|
if($settings->require_login_view === true && // If this site requires a login in order to view pages
|
||||||
!$env->is_logged_in && // And the user isn't logged in
|
!$env->is_logged_in && // And the user isn't logged in
|
||||||
!in_array($_GET["action"], [ "login", "checklogin", "opensearch-description" ])) // And the user isn't trying to login, or get the opensearch description
|
!in_array($_GET["action"], [ "login", "checklogin", "opensearch-description", "invindex-rebuild", "stats-update" ])) // And the user isn't trying to login, or get the opensearch description, or access actions that apply their own access rules
|
||||||
{
|
{
|
||||||
// Redirect the user to the login page
|
// Redirect the user to the login page
|
||||||
http_response_code(307);
|
http_response_code(307);
|
||||||
|
|
Loading…
Reference in a new issue