Only perform login action on explicit POST (#25653).

Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@16554 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-02 03:15:57 +01:00 · 2017-05-13 09:32:09 +00:00
parent b3ac4a6295
commit fee959675d
1 changed files with 3 additions and 3 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -34,12 +34,12 @@ class AccountController < ApplicationController

  # Login request and validation
  def login
-    if request.get?
+    if request.post?
+      authenticate_user
+    else
      if User.current.logged?
        redirect_back_or_default home_url, :referer => true
      end
-    else
-      authenticate_user
    end
  rescue AuthSourceException => e
    logger.error "An error occurred when authenticating #{params[:username]}: #{e.message}"