Verified Commit cee991ae authored by noplanman's avatar noplanman

Read the posted code is a string instead of integer.

parent cacc6a45
......@@ -77,8 +77,9 @@ class Wp_Otp_Admin {
$otp = new TOTP( $user->user_login, $secret );
$otp_code = isset( $_POST['wp_otp_code'] ) ? (int) $_POST['wp_otp_code'] : 0;
$otp_code = isset( $_POST['wp_otp_code'] ) ? $_POST['wp_otp_code'] : '';
if ( $otp_code && ! $user_meta_data->get( 'enabled', false ) ) {
/** Filter documented in class-wp-otp-public.php */
$otp_window = (int) apply_filters( 'wp_otp_code_expiration_window', 2 );
if ( $otp->verify( $otp_code, null, $otp_window ) ) {
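Review bot: With the `(int)` cast removed, the new `$otp_code` assignment passes `$_POST['wp_otp_code']` to `$otp->verify()` exactly as submitted, so an array-valued parameter or a code with surrounding whitespace now reaches the verifier without being normalised. Keeping the value a string is right, since it preserves leading zeros, but it should still be type-checked and cleaned, e.g. `$otp_code = ( isset( $_POST['wp_otp_code'] ) && is_string( $_POST['wp_otp_code'] ) ) ? sanitize_text_field( wp_unslash( $_POST['wp_otp_code'] ) ) : '';`. The same assignment in the `Wp_Otp_Public` hunk has the same gap. The enclosing method starts and ends outside the hunk, so whether a nonce check precedes this line cannot be confirmed from here.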
......
......@@ -6,6 +6,7 @@
.wp-otp-link-reconfigure,
.wp-otp-link-new-recovery-codes {
margin: 4px !important;
display: inline-block;
}
.wp-otp-recovery-codes-box del,
......
......@@ -86,7 +86,7 @@ class Wp_Otp_Public {
$user_meta_data = Wp_Otp_User_Meta::get_instance( $user->ID );
if ( $user_meta_data->get( 'enabled' ) && null !== $user_meta_data->get( 'secret' ) ) {
$otp_code = isset( $_POST['wp_otp_code'] ) ? $_POST['wp_otp_code'] : 0;
$otp_code = isset( $_POST['wp_otp_code'] ) ? $_POST['wp_otp_code'] : '';
/**
* Filter for the OTP code expiration window.
......