MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [registrations] Users can now register using the API without a valid key, affects #5783

pull/5816/head
iglocska 2020-04-24 11:39:59 +02:00
parent 6bff239740
commit 03c866fe4e
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Controller/AppController.php
View File

@ -204,7 +204,14 @@ class AppController extends Controller
$this->Security->unlockedActions = array($this->action);
}
if (!$userLoggedIn) {
if (
!$userLoggedIn &&
(
$this->params['controller'] !== 'users' ||
$this->params['action'] !== 'register' ||
empty(Configure::read('Security.allow_self_registration'))
)
) {
// REST authentication
if ($this->_isRest() || $this->_isAutomation()) {
// disable CSRF for REST access