Remove MultifactorAuthenticationAbort from ACP guest controller whitelist

author Tim Düsterhus <duesterhus@woltlab.com>

Fri, 8 Jan 2021 15:03:23 +0000 (16:03 +0100)

committer Tim Düsterhus <duesterhus@woltlab.com>

Fri, 8 Jan 2021 15:03:40 +0000 (16:03 +0100)
author Tim Düsterhus <duesterhus@woltlab.com>
Fri, 8 Jan 2021 15:03:23 +0000 (16:03 +0100)
committer Tim Düsterhus <duesterhus@woltlab.com>
Fri, 8 Jan 2021 15:03:40 +0000 (16:03 +0100)
diff --git a/wcfsetup/install/files/lib/system/WCFACP.class.php b/wcfsetup/install/files/lib/system/WCFACP.class.php

index a2b684496d65c8909dc823a9ae386d57bf34bcc7..43f4e13ba2ab9035b4a5adea64ce8a4f6936836f 100644 (file)
--- a/wcfsetup/install/files/lib/system/WCFACP.class.php
+++ b/wcfsetup/install/files/lib/system/WCFACP.class.php
@@ -139,7 +139,7 @@ class WCFACP extends WCF {
                                 exit;
                         }
                 }
-               else if (empty($pathInfo) || !preg_match('~^/?(login|logout|multifactor-authentication|multifactor-authentication-abort)/~i', $pathInfo)) {
+               else if (empty($pathInfo) || !preg_match('~^/?(login|logout|multifactor-authentication)/~i', $pathInfo)) {
                         if (WCF::getUser()->userID == 0) {
                                 // work-around for AJAX-requests within ACP
                                 if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
author	Tim Düsterhus <duesterhus@woltlab.com>
	Fri, 8 Jan 2021 15:03:23 +0000 (16:03 +0100)
committer	Tim Düsterhus <duesterhus@woltlab.com>
	Fri, 8 Jan 2021 15:03:40 +0000 (16:03 +0100)