aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-02-26 14:33:17 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-02-26 14:33:17 +0000
commit70cdb33ea110da47d2878b737b4f61619915993e (patch)
tree3551feeafe14cabc85476235f993df253a976ece
parent2d9b941d8163565e7738dcde775e35effff6074d (diff)
downloadelgg-70cdb33ea110da47d2878b737b4f61619915993e.tar.gz
elgg-70cdb33ea110da47d2878b737b4f61619915993e.tar.bz2
Added login to the list of actions not requiring a security token.
git-svn-id: http://code.elgg.org/elgg/trunk@3972 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/actions.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 278194ac3..25ef411f6 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -24,13 +24,17 @@ function action($action, $forwarder = "") {
// set GET params
elgg_set_input_from_uri();
- // @todo REMOVE THESE EXCEPTIONS IN 1.8.
- // These are only to provide a way to disable plugins that overwrite core
- // UI without tokens. (And for installation because of session_id problems)
+ // @todo REMOVE THESE ONCE #1509 IS IN PLACE.
+ // Allow users to disable plugins without a token in order to
+ // remove plugins that are imcompatible.
+ // Installation cannot use tokens because it requires site secret to be
+ // working. (#1462)
+ // Login and logout are for convenience.
$exceptions = array(
'systemsettings/install',
'admin/plugins/disable',
- 'logout'
+ 'logout',
+ 'login'
);
if (!in_array($action, $exceptions)) {