mirror of https://github.com/MISP/MISP
fix: [registrations] Users can now register using the API without a valid key, affects #5783
parent
6bff239740
commit
03c866fe4e
|
@ -204,7 +204,14 @@ class AppController extends Controller
|
|||
$this->Security->unlockedActions = array($this->action);
|
||||
}
|
||||
|
||||
if (!$userLoggedIn) {
|
||||
if (
|
||||
!$userLoggedIn &&
|
||||
(
|
||||
$this->params['controller'] !== 'users' ||
|
||||
$this->params['action'] !== 'register' ||
|
||||
empty(Configure::read('Security.allow_self_registration'))
|
||||
)
|
||||
) {
|
||||
// REST authentication
|
||||
if ($this->_isRest() || $this->_isAutomation()) {
|
||||
// disable CSRF for REST access
|
||||
|
|
Loading…
Reference in New Issue