From 70cdb33ea110da47d2878b737b4f61619915993e Mon Sep 17 00:00:00 2001
From: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 26 Feb 2010 14:33:17 +0000
Subject: Added login to the list of actions not requiring a security token.

git-svn-id: http://code.elgg.org/elgg/trunk@3972 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/actions.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 278194ac3..25ef411f6 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -24,13 +24,17 @@ function action($action, $forwarder = "") {
 	// set GET params
 	elgg_set_input_from_uri();
 
-	// @todo REMOVE THESE EXCEPTIONS IN 1.8.
-	// These are only to provide a way to disable plugins that overwrite core
-	// UI without tokens.  (And for installation because of session_id problems)
+	// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
+	// Allow users to disable plugins without a token in order to
+	// remove plugins that are imcompatible.
+	// Installation cannot use tokens because it requires site secret to be
+	// working. (#1462)
+	// Login and logout are for convenience.
 	$exceptions = array(
 		'systemsettings/install',
 		'admin/plugins/disable',
-		'logout'
+		'logout',
+		'login'
 	);
 
 	if (!in_array($action, $exceptions)) {
-- 
cgit v1.2.3