MantisBT: master-2.28 c6ccd554

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-2.28 2026-05-18 03:00 master-2.28 c96c8795
Affected Issues  0037130: login_password_page.php: CSRF validation fails when called via auth_reauthenticate() (since 2.28.2)
 0037135: Fix CSRF validation failure in anonymous login
Changeset

Fix anonymous login regression caused by CSRF token

Merging PR https://github.com/mantisbt/mantisbt/pull/2221, which
initially contained 2 fixes.

The first one (anonymous login) is merged by this.

The second for core/authentication_api.php (auth_reauthenticate()) was
reverted by the author following PR review, as the problem was already
fixed in Issue 0037130.

Keeping the sausage-making in Git history just in case a bug surfaces
later on.

Fixes 0037135
mod - login_anon.php Diff File