Prevent logout CSRFs (#7999)

By avoiding `FreshRSS_Context::initUser()` calls
author: Inverle <inverle@proton.me> 2025-09-25 21:52:29 +0200
committer: GitHub <noreply@github.com> 2025-09-25 21:52:29 +0200
commit: f8b2b8c4153f8acdb4267a269ada27f8af22d7d9 (patch)
tree: 688558861dbf7ad5c19569bbe9e57311825856de /app/Controllers/authController.php
parent: 960c6c88a5f9b9e07f933147feb9717b0133988d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 453851d22..1bdbc28b1 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -70,7 +70,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 	 * the user is already connected.
 	 */
 	public function loginAction(): void {
-		if (FreshRSS_Auth::hasAccess() && Minz_Request::paramString('u') === '') {
+		if (FreshRSS_Auth::hasAccess() && !(FreshRSS_Context::systemConf()->unsafe_autologin_enabled && Minz_Request::paramString('u') !== '')) {
 			Minz_Request::forward(['c' => 'index', 'a' => 'index'], true);
 		}
author	Inverle <inverle@proton.me>	2025-09-25 21:52:29 +0200
committer	GitHub <noreply@github.com>	2025-09-25 21:52:29 +0200
commit	f8b2b8c4153f8acdb4267a269ada27f8af22d7d9 (patch)
tree	688558861dbf7ad5c19569bbe9e57311825856de /app/Controllers/authController.php
parent	960c6c88a5f9b9e07f933147feb9717b0133988d (diff)