@tsteur opened this Pull Request on May 26th 2020 Member

Was just looking into https://github.com/matomo-org/wp-matomo/issues/288 and then noticed we always first issue a query against the user table before actually checking the cached data.

Should a token be used with admin or write permission, then we actually save the user query.

It shouldn't cause any security issue, because if the token is not a valid admin or write permission token, then the code below would still be executed and e.g. the brute force check should be executed just like before.

@tsteur commented on May 26th 2020 Member

Thanks @sgiehl, the change fixed the tests.

This Pull Request was closed on May 26th 2020