diff options
author | Thomas Steur <tsteur@users.noreply.github.com> | 2019-04-11 01:56:26 +0300 |
---|---|---|
committer | diosmosis <diosmosis@users.noreply.github.com> | 2019-04-11 01:56:25 +0300 |
commit | 65b5523adf92c686f1448e858fa428b57d68a674 (patch) | |
tree | 156b9a0cb76399580ca2d9cd38764e8ea714be50 | |
parent | beff637e0ec74154b81ca18de50f7c9d30092e8e (diff) |
require TwoFA to be verified before updating code base (#14322)
* require TwoFA to be verified before updating code base
fix https://github.com/matomo-org/matomo/issues/14251
* Remove part ofcomment
-rw-r--r-- | core/Common.php | 1 | ||||
-rw-r--r-- | plugins/TwoFactorAuth/TwoFactorAuth.php | 2 |
2 files changed, 1 insertions, 2 deletions
diff --git a/core/Common.php b/core/Common.php index 816781a9d1..a76c3e205a 100644 --- a/core/Common.php +++ b/core/Common.php @@ -635,7 +635,6 @@ class Common /** * Generate random string. - * Do not use for security related purposes (the string is not truly random). * * @param int $length string length * @param string $alphabet characters allowed in random string diff --git a/plugins/TwoFactorAuth/TwoFactorAuth.php b/plugins/TwoFactorAuth/TwoFactorAuth.php index 06091294f4..4f550df53d 100644 --- a/plugins/TwoFactorAuth/TwoFactorAuth.php +++ b/plugins/TwoFactorAuth/TwoFactorAuth.php @@ -172,7 +172,7 @@ class TwoFactorAuth extends \Piwik\Plugin return false; } - if ($module === 'CoreUpdater') { + if ($module === 'CoreUpdater' && $action !== 'newVersionAvailable' && $action !== 'oneClickUpdate') { return false; } |