WikiDocs icon indicating copy to clipboard operation
WikiDocs copied to clipboard
verified publisher icon Zavy86

Lockdown on EDITCODE==VIEWCODE

Open TheNeoBurn opened this issue 1 year ago • 1 comments

Describe your issue

When edit and view code are the same (which is not checked) it is impossible to log in as editor afterwards because the session data $_SESSION['wikidocs']['authenticated'] will always be set to 1 rather than 2.

This is because the check if the authentication password matches the view code is done after the check if it matches the edit code and thus overrides the first result.

Device and settings

Debian, nginx, php8.1

Steps to reproduce

  1. Have a configured WikiDocs instance
  2. Log in as editor
  3. Go to settings and set the view code to the same as the edit code and save
  4. Log out
  5. Try to log in as editor again

To resolve the issue you need to edit datasets/config.inc.php manually.

Screenshots (optional)

No response

Extra fields

  • [ ] I'd like to work on this issue

TheNeoBurn avatar Mar 26 '24 14:03 TheNeoBurn

fixed in 1.0.20

Zavy86 avatar Mar 28 '24 07:03 Zavy86