Skip to content
Browse files

Fix generic error when anonymous login not defined

When $g_allow_anonymous_login = ON and $g_anonymous_account = '', a
Generic error is triggered in auth_flags() when trying to login
anonymously. This is due to the fact that $p_user_id parameter is false
in this case.

To prevent this, the function now performs a loose-type check on the
user id, so MantisBT returns to the login page with a friendlier error
message "Your account may be disabled or blocked or the
username/password you entered is incorrect."

Fixes #25061
  • Loading branch information...
dregad committed May 7, 2018
1 parent 91782fe commit d7ca6fa87c269e8d4c96de4973ded512c21bd30c
Showing with 1 addition and 1 deletion.
  1. +1 −1 core/authentication_api.php
@@ -82,7 +82,7 @@
* @return AuthFlags The auth flags object to use.
function auth_flags( $p_user_id = null, $p_username = '' ) {
if( is_null( $p_user_id ) ) {
if( !$p_user_id ) {
# If user id is not provided and user is not authenticated return default flags.
# Otherwise, we can get into a loop as in #22740
if( !auth_is_user_authenticated() ) {

0 comments on commit d7ca6fa

Please sign in to comment.
You can’t perform that action at this time.