- Issue created by @MakerTimSWIS
- π³π±Netherlands MakerTimSWIS
MakerTimSWIS β changed the visibility of the branch 1.0.x to hidden.
- π¦πΊAustralia Mingsong π¦πΊ
Thanks for the patch(fork).
I have a question about the following code,
if (!in_array($this->validityPeriod, array_keys($options))) { $options[$this->validityPeriod] = $this->validityPeriod / 60; }This will provide a possibility to have a validity period that is not included the allowed list from line 354 in /src/Plugin/TfaValidation/TfaEmailOtpValidation.php
https://git.drupalcode.org/issue/tfa_email_otp-3427331/-/blob/a8f1157a53...
The allowed periods are
$options = [ 60 => 1, 120 => 2, 180 => 3, 240 => 4, 300 => 5, 600 => 10, ];An unexpected long period of validity time is a security concern. That is why the allowed options is hard-coded.
- Status changed to Needs work
4 months ago 10:58pm 12 March 2024