Thomas Steur
Thomas Steur
Just seeing #2888 is scheduled for 3.7.0 as well :)
FYI: Now that we will have #2888 I will move it out of this milestone. It wouldn't be that valuable when a user can still try to log in through...
> I'm actually not sure if the order plugins are loaded in is something that anyone should rely on. We sort the plugins in the right order in `PluginList::sortPluginsAndRespectDependencies()` when...
@sgiehl for consistency, we would just need to use same behavior as `Manager::findComponents` and `EventDispatcher::postEvent` and use `$plugins = $this->getPluginsLoadedAndActivated();`. Then things should come out in the right order for...
If you can think of a way to exploit this, please report the issue via https://hackerone.com/matomo/ for a bounty.
Wonder if we even need a setting or could just revalidate after 1 year or 6 months or so?
Something to keep in mind though that makes this flow a bit buggy is that we don't validate an email address when adding an account. So the super user email...
> This is BC breaking since it affects API output. User of that API currently will have to unsanitize or display the text w/o escaping, so it may break uses....
I reckon it is not planned to work on this soon. Technically, those are even different URLs. I reckon someone with some PHP skills could fairly easily implement this change....