diff options
| author | Dan Raper <djr2468@gmail.com> | 2021-10-30 17:38:35 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-30 17:38:35 +0300 |
| commit | a52df700e3e24359ee65de5106ed5484907809f7 (patch) | |
| tree | 75a33e3540f8ca30b98fee5cfe2a028c16d9329c | |
| parent | 118c7e6627c5d6c127da37cf3838f2c0636bf80d (diff) | |
Fix incorrect "prefix and shorten" notice while logged out
Fixes #2688
Co-authored-by: ྅༻ Ǭɀħ ༄༆ཉ <ozh@ozh.org>
| -rw-r--r-- | includes/functions-auth.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/includes/functions-auth.php b/includes/functions-auth.php index a18d9626..7e2b41de 100644 --- a/includes/functions-auth.php +++ b/includes/functions-auth.php @@ -99,6 +99,7 @@ function yourls_is_valid_user() { // Login form : redirect to requested URL to avoid re-submitting the login form on page reload if( isset( $_REQUEST['username'] ) && isset( $_REQUEST['password'] ) && isset( $_SERVER['REQUEST_URI'] ) ) { yourls_redirect( yourls_sanitize_url_safe($_SERVER['REQUEST_URI']) ); + return; } } @@ -125,7 +126,7 @@ function yourls_check_username_password() { // If login form (not API), check for nonce if(!yourls_is_API()) { - yourls_verify_nonce('admin_login'); + yourls_verify_nonce('admin_login', false, '-1'); } if( isset( $yourls_user_passwords[ $_REQUEST['username'] ] ) && yourls_check_password_hash( $_REQUEST['username'], $_REQUEST['password'] ) ) { |