• Resolved yalet

    (@yalet)


    There are two related issues with the authentication bypass mechanism. The first is that logout from non-CAS authenticated users sets the wp_cassify_bypass parameter in the URL to true, rather than bypass. Ultimately, that doesn’t matter, because the code that checks for the bypass parameter doesn’t check if it actually appears in the URL, it checks referrer and post redirection. Setting the bypass parameter to ‘bypass’ in wp_cassify_logout() and adding an additional OR condition for it appearing in $_GET in wp_cassify_bypass() fixes the issue.

    https://www.ads-software.com/plugins/wp-cassify/
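
The check described in the post above, modelled as an added sketch that is not part of the original post and is not WP Cassify's code. The `example_*` function names are hypothetical, and reading the parameter from the `Referer` header and a posted `redirect_to` field is an assumption about what "referrer and post redirection" means; only the parameter name and the value `bypass` come from the post.

```php
<?php
// Added sketch, not WP Cassify source. Function names and the way the
// referrer and posted redirect_to are inspected are assumptions.
const BYPASS_PARAM = 'wp_cassify_bypass'; // parameter name from the post
const BYPASS_VALUE = 'bypass';            // value the post says is expected

// Return the bypass parameter carried in a URL's query string, or null.
function example_param_from_url($url): ?string
{
    if (!is_string($url) || $url === '') {
        return null; // missing header, or an array sent as redirect_to[]
    }
    $query = parse_url($url, PHP_URL_QUERY);
    if (!is_string($query)) {
        return null; // no query string, or a malformed URL
    }
    parse_str($query, $args);
    $value = $args[BYPASS_PARAM] ?? null;
    return is_string($value) ? $value : null;
}

// Behaviour the post reports: only the referrer and the posted redirect count.
function example_bypass_before(array $get, array $post, array $server): bool
{
    return example_param_from_url($server['HTTP_REFERER'] ?? null) === BYPASS_VALUE
        || example_param_from_url($post['redirect_to'] ?? null) === BYPASS_VALUE;
}

// With the post's change: an extra OR on the current request's own query string.
function example_bypass_after(array $get, array $post, array $server): bool
{
    return (($get[BYPASS_PARAM] ?? null) === BYPASS_VALUE)
        || example_bypass_before($get, $post, $server);
}

// Constructed requests: a local user arriving at the login page after logout.
$server = ['HTTP_REFERER' => 'https://wp.example.test/wp-admin/'];
$cases = [
    'logout sends bypass' => [BYPASS_PARAM => 'bypass'],
    'logout sends true'   => [BYPASS_PARAM => 'true'],
];
foreach ($cases as $label => $get) {
    printf("%-20s before=%s after=%s\n", $label,
        var_export(example_bypass_before($get, [], $server), true),
        var_export(example_bypass_after($get, [], $server), true));
}
```

Because the comparison is strict, a logout URL that still carries `true` is not honoured even with the `$_GET` condition in place, which is why the post changes both the value set at logout and the check.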

Viewing 1 replies (of 1 total)
  • The topic ‘Bypass mechanism doesn't work for logout’ is closed to new replies.