Searched hist:f04d92b8f19e94b063c4246f59212be0c36ca05c (Results 1 – 1 of 1) sorted by relevance
| /plugin/twofactor/ |
| H A D | Manager.php | f04d92b8f19e94b063c4246f59212be0c36ca05c Tue Jul 11 13:03:26 UTC 2023 Andreas Gohr <andi@splitbrain.org> avoid rogue 2fa code generations
When a wiki uses rewriting, non-existing files are mapped to doku.php
and interpreted as page names. When using a 2fa provider that transmits
codes (like email) this could lead to sending multiple codes out for
each of these bogus requests. This patch ensures that the 2fa form (and
code sending) is only triggered for document requests as indicated by
the sec-fetch-dest request header.
|