From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Fri, 8 Jan 2021 15:03:23 +0000 (+0100)
Subject: Remove MultifactorAuthenticationAbort from ACP guest controller whitelist
X-Git-Tag: 5.4.0_Alpha_1~466
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2d6651be16095453e379dc34e38f8608deb73e4d;p=GitHub%2FWoltLab%2FWCF.git

Remove MultifactorAuthenticationAbort from ACP guest controller whitelist
---

diff --git a/wcfsetup/install/files/lib/system/WCFACP.class.php b/wcfsetup/install/files/lib/system/WCFACP.class.php
index a2b684496d..43f4e13ba2 100644
--- a/wcfsetup/install/files/lib/system/WCFACP.class.php
+++ b/wcfsetup/install/files/lib/system/WCFACP.class.php
@@ -139,7 +139,7 @@ class WCFACP extends WCF {
 				exit;
 			}
 		}
-		else if (empty($pathInfo) || !preg_match('~^/?(login|logout|multifactor-authentication|multifactor-authentication-abort)/~i', $pathInfo)) {
+		else if (empty($pathInfo) || !preg_match('~^/?(login|logout|multifactor-authentication)/~i', $pathInfo)) {
 			if (WCF::getUser()->userID == 0) {
 				// work-around for AJAX-requests within ACP
 				if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {