diff options
| author | Justin Velluppillai <justin@innocraft.com> | 2022-09-27 04:31:49 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-27 04:31:49 +0300 |
| commit | 8d15cf986113c6757350c1c2deed70fd09a50779 (patch) | |
| tree | 7fc15cd221312836b14fe3caacf9b6ce0b5ac41c | |
| parent | 8f163544a7f5e76661029a5b67dd381ab15bec38 (diff) | |
don't need to check for leaked tokens in an empty string (#19756)
| -rw-r--r-- | plugins/TwoFactorAuth/TwoFactorAuth.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/TwoFactorAuth/TwoFactorAuth.php b/plugins/TwoFactorAuth/TwoFactorAuth.php index 75a0c19141..f31cad032a 100644 --- a/plugins/TwoFactorAuth/TwoFactorAuth.php +++ b/plugins/TwoFactorAuth/TwoFactorAuth.php @@ -254,6 +254,10 @@ class TwoFactorAuth extends \Piwik\Plugin private function removeTokenFromOutput($output) { + if (empty($output)) { + return $output; + } + $token = Piwik::getCurrentUserTokenAuth(); // make sure to not leak the token... otherwise someone could log in using someone's credentials... // and then maybe in the auth screen look into the DOM to find the token... and then bypass the |