mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-06-30 16:39:38 +02:00
e56ad9b37c
It breaks logic flow, e.g. when
Its called by BasicAuth:requireLogin() when basic auth is enabled,
before any controller logic kicks in (on every HTTP request).
This means you can't use session-based BackURLs with basic auth enabled,
breaking flows like redirection after Facebook logins.
I can't see why a clear() was necessary here, looks like a overly
cautious way to prevent infinite loops? Can't see how those
would be caused by requireLogin() though.
Been there since all the way back in 2007:
|
||
|---|---|---|
| .. | ||
| Authenticator.php | ||
| BasicAuth.php | ||
| ChangePasswordForm.php | ||
| Group.php | ||
| GroupCsvBulkLoader.php | ||
| LoginAttempt.php | ||
| LoginForm.php | ||
| Member.php | ||
| MemberAuthenticator.php | ||
| MemberCsvBulkLoader.php | ||
| MemberLoginForm.php | ||
| MemberPassword.php | ||
| PasswordEncryptor.php | ||
| PasswordValidator.php | ||
| Permission.php | ||
| PermissionCheckboxSetField.php | ||
| PermissionFailureException.php | ||
| PermissionProvider.php | ||
| PermissionRole.php | ||
| PermissionRoleCode.php | ||
| RandomGenerator.php | ||
| Security.php | ||
| SecurityToken.php | ||