# HG changeset patch # User Dan Fuhry # Date 1460150535 14400 # Node ID d58bafde2a9278b779d2a7765b769d42c490aadb # Parent be4a5f24bb296247977d10842803d2c52898bd6a SECURITY: Require login to view YMS page if sudo mode requirement is turned off diff -r be4a5f24bb29 -r d58bafde2a92 yms/yms.php --- a/yms/yms.php Mon Nov 24 15:11:44 2014 -0500 +++ b/yms/yms.php Fri Apr 08 17:22:15 2016 -0400 @@ -10,7 +10,7 @@ $yms_client_id = ($force_cid = getConfig('yms_force_client_id', 0)) > 0 ? intval($force_cid) : $session->user_id; // Require re-auth? - if ( $session->auth_level < USER_LEVEL_CHPREF && getConfig('yms_require_reauth', 1) == 1 ) + if ( !$session->user_logged_in || ($session->auth_level < USER_LEVEL_CHPREF && getConfig('yms_require_reauth', 1) == 1) ) { redirect(makeUrlNS('Special', "Login/$paths->fullpage", 'level=' . USER_LEVEL_CHPREF), '', '', 0); }