Added login to the list of actions not requiring a security token.

author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Fri, 26 Feb 2010 14:33:17 +0000 (14:33 +0000)

committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Fri, 26 Feb 2010 14:33:17 +0000 (14:33 +0000)
author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Fri, 26 Feb 2010 14:33:17 +0000 (14:33 +0000)
committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Fri, 26 Feb 2010 14:33:17 +0000 (14:33 +0000)
diff --git a/engine/lib/actions.php b/engine/lib/actions.php

index 278194ac3f6d54e65089bad162ea1fca6732c797..25ef411f687b30f0c363b370a006bf76cec7215f 100644 (file)
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -24,13 +24,17 @@ function action($action, $forwarder = "") {
         // set GET params
         elgg_set_input_from_uri();
  
-       // @todo REMOVE THESE EXCEPTIONS IN 1.8.
-       // These are only to provide a way to disable plugins that overwrite core
-       // UI without tokens.  (And for installation because of session_id problems)
+       // @todo REMOVE THESE ONCE #1509 IS IN PLACE.
+       // Allow users to disable plugins without a token in order to
+       // remove plugins that are imcompatible.
+       // Installation cannot use tokens because it requires site secret to be
+       // working. (#1462)
+       // Login and logout are for convenience.
         $exceptions = array(
                 'systemsettings/install',
                 'admin/plugins/disable',
-               'logout'
+               'logout',
+               'login'
         );
  
         if (!in_array($action, $exceptions)) {
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Fri, 26 Feb 2010 14:33:17 +0000 (14:33 +0000)
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Fri, 26 Feb 2010 14:33:17 +0000 (14:33 +0000)