mirrors/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2024-06-25 16:40:39 +00:00
Code Issues Projects Releases Wiki Activity
wallabag/src/Wallabag
History
Kevin Decherf aa06e8328e ConfigController: remove 2fa cancel step 
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
..
AnnotationBundle Add mandatory $class parameter 2023-08-05 17:25:03 +01:00
ApiBundle Prepare wallabag 2.6.3 2023-08-21 11:52:16 +02:00
CoreBundle ConfigController: remove 2fa cancel step 2023-09-30 00:49:58 +02:00
ImportBundle Merge pull request #6816 from yguedidi/use-psr-17-and-psr-18 2023-08-08 23:56:10 +02:00
UserBundle Remove twofactor_auth parameter 2023-07-15 16:18:01 +02:00