1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Fix access by secret when login is forced

This commit is contained in:
Starbeamrainbowlabs 2017-07-14 20:46:22 +01:00
parent a63d83bc34
commit 6adb919c2a

View file

@ -1337,7 +1337,7 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
// Note we use $_GET here because $env->action isn't populated at this point // Note we use $_GET here because $env->action isn't populated at this point
if($settings->require_login_view === true && // If this site requires a login in order to view pages if($settings->require_login_view === true && // If this site requires a login in order to view pages
!$env->is_logged_in && // And the user isn't logged in !$env->is_logged_in && // And the user isn't logged in
!in_array($_GET["action"], [ "login", "checklogin", "opensearch-description" ])) // And the user isn't trying to login, or get the opensearch description !in_array($_GET["action"], [ "login", "checklogin", "opensearch-description", "invindex-rebuild", "stats-update" ])) // And the user isn't trying to login, or get the opensearch description, or access actions that apply their own access rules
{ {
// Redirect the user to the login page // Redirect the user to the login page
http_response_code(307); http_response_code(307);