Fix an issue dismissing vulnerability alerts when logged out
Alexandre Hellin committed Oct 31, 2023
1 parent ebf13b2 commit c706996
Showing 4 changed files with 16 additions and 8 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -6,4 +6,5 @@ md5_*.xml
/tests/
*.sublime-*
src/Api/TestGenericProvider.php
*.lock
*.lock
/.idea/
16 changes: 13 additions & 3 deletions controllers/admin/AdminPrestascanSecurityReportsController.php
Expand Up @@ -30,6 +30,14 @@ class AdminPrestascanSecurityReportsController extends ModuleAdminController
public $display_header = false;
public $display_footer = false;

/**
* @var string[] Actions which do not require user login to execute.
*/
private static $anonymousActions = [
'logout',
'dismmissedAlert',
];

public function init()
{
$OAuth = new \PrestaScan\OAuth2\Oauth();
Expand All @@ -40,12 +48,14 @@ public function init()
}
} catch (\Exception $exp) {
// An exception may occure when token values are invalid. This may happen with localoauth
if (\Tools::getValue('action') === 'logout') {
$this->ajaxProcessLogout();
}
$error = true;
}

// In case of an anonymous action, login failure is not a problem
if ($error && in_array(\Tools::getValue('action'), self::$anonymousActions, true)) {
$error = false;
}

if ($error) {
self::dieWithError($this->module->l('To launch a scan please log in or create an account. Having an account allows us to securely perform scans on your behalf and deliver accurate results. Click \'Login\' on the top right corner to sign in or create a new account.', 'AdminPrestascanSecurityReportsController'));
}
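Review bot: The exemption at `if ($error && in_array(\Tools::getValue('action'), self::$anonymousActions, true))` clears `$error` for any login failure, not only inside the `catch` where the earlier `logout` special case sat, and nothing beside `$anonymousActions` says what makes an action safe to list. Dismissing a vulnerability alert changes security-relevant state, so the `dismmissedAlert` handler (not visible on this page) should be confirmed to need no OAuth-backed API call and to remain behind the back-office employee session and admin token check. I would extend the docblock accordingly, e.g. `Each entry bypasses the PrestaScan OAuth check in init(); list only actions whose handler needs no OAuth token and is still protected by back-office authentication.` Because the `in_array` is strict, the `dismmissedAlert` spelling must also stay identical to the `action` value the JavaScript caller sends, otherwise the request falls through to `dieWithError`. init() begins and continues outside the visible hunks, so how `$error` is first set cannot be checked here.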
2 changes: 1 addition & 1 deletion prestascansecurity.php
Expand Up @@ -33,7 +33,7 @@ public function __construct()
{
$this->name = 'prestascansecurity';
$this->tab = 'others';
$this->version = '1.1.4';
$this->version = '1.1.5';
$this->author = 'PrestaScan';
$this->need_instance = false;
$this->bootstrap = true;
3 changes: 0 additions & 3 deletions views/js/reports.js
Expand Up @@ -458,9 +458,6 @@ $(function () {
});
},
handleActionDismissAlert : function (alertId) {
if (!prestascansecurity_isLoggedIn) {
return false;
}
$.ajax({
type: 'POST',
cache: 'false',