mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-06 16:18:41 +02:00
e56ad9b37c
It breaks logic flow, e.g. when
Its called by BasicAuth:requireLogin() when basic auth is enabled,
before any controller logic kicks in (on every HTTP request).
This means you can't use session-based BackURLs with basic auth enabled,
breaking flows like redirection after Facebook logins.
I can't see why a clear() was necessary here, looks like a overly
cautious way to prevent infinite loops? Can't see how those
would be caused by requireLogin() though.
Been there since all the way back in 2007:
|
||
---|---|---|
.. | ||
Authenticator.php | ||
BasicAuth.php | ||
ChangePasswordForm.php | ||
Group.php | ||
GroupCsvBulkLoader.php | ||
LoginAttempt.php | ||
LoginForm.php | ||
Member.php | ||
MemberAuthenticator.php | ||
MemberCsvBulkLoader.php | ||
MemberLoginForm.php | ||
MemberPassword.php | ||
PasswordEncryptor.php | ||
PasswordValidator.php | ||
Permission.php | ||
PermissionCheckboxSetField.php | ||
PermissionFailureException.php | ||
PermissionProvider.php | ||
PermissionRole.php | ||
PermissionRoleCode.php | ||
RandomGenerator.php | ||
Security.php | ||
SecurityToken.php |