Mercurial Mercurial > repos > yms / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SECURITY: Require login to view YMS page if sudo mode requirement is turned off
authorDan Fuhry <dan@enanocms.org>
Fri, 08 Apr 2016 17:22:15 -0400
changeset 9 d58bafde2a92
parent 8 be4a5f24bb29
child 10 351d40b21cbc
SECURITY: Require login to view YMS page if sudo mode requirement is turned off
yms/yms.php file | annotate | diff | comparison | revisions 
--- a/yms/yms.php	Mon Nov 24 15:11:44 2014 -0500
+++ b/yms/yms.php	Fri Apr 08 17:22:15 2016 -0400
@@ -10,7 +10,7 @@
   $yms_client_id = ($force_cid = getConfig('yms_force_client_id', 0)) > 0 ? intval($force_cid) : $session->user_id;
   
   // Require re-auth?
-  if ( $session->auth_level < USER_LEVEL_CHPREF && getConfig('yms_require_reauth', 1) == 1 )
+  if ( !$session->user_logged_in || ($session->auth_level < USER_LEVEL_CHPREF && getConfig('yms_require_reauth', 1) == 1) )
   {
     redirect(makeUrlNS('Special', "Login/$paths->fullpage", 'level=' . USER_LEVEL_CHPREF), '', '', 0);
   }
Yubikey Management Server