cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [authkey] should only be used in a rest context 

- otherwise some weird authentication snafus can happen
- as reported by SK-CERT
cli-modification-summary
iglocska 2022-09-19 02:14:57 +02:00
parent 3b215a5ec0
commit fd6d3466d7
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Controller/AppController.php
View File

@ -99,8 +99,8 @@ class AppController extends Controller
{ {
$this->loadModel('Users'); $this->loadModel('Users');
$this->Users->checkForNewInstance(); $this->Users->checkForNewInstance();
$this->authApiUser();
if ($this->ParamHandler->isRest()) { if ($this->ParamHandler->isRest()) {
$this->authApiUser();
$this->Security->setConfig('unlockedActions', [$this->request->getParam('action')]); $this->Security->setConfig('unlockedActions', [$this->request->getParam('action')]);
} }
$this->ACL->setPublicInterfaces(); $this->ACL->setPublicInterfaces();