From 2d6651be16095453e379dc34e38f8608deb73e4d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Fri, 8 Jan 2021 16:03:23 +0100
Subject: [PATCH] Remove MultifactorAuthenticationAbort from ACP guest
 controller whitelist

---
 wcfsetup/install/files/lib/system/WCFACP.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/WCFACP.class.php b/wcfsetup/install/files/lib/system/WCFACP.class.php
index a2b684496d..43f4e13ba2 100644
--- a/wcfsetup/install/files/lib/system/WCFACP.class.php
+++ b/wcfsetup/install/files/lib/system/WCFACP.class.php
@@ -139,7 +139,7 @@ class WCFACP extends WCF {
 				exit;
 			}
 		}
-		else if (empty($pathInfo) || !preg_match('~^/?(login|logout|multifactor-authentication|multifactor-authentication-abort)/~i', $pathInfo)) {
+		else if (empty($pathInfo) || !preg_match('~^/?(login|logout|multifactor-authentication)/~i', $pathInfo)) {
 			if (WCF::getUser()->userID == 0) {
 				// work-around for AJAX-requests within ACP
 				if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
-- 
2.20.1