Closed ctgraham closed 5 years ago
Wiping the password from the POST superglobal is ineffective to prevent login because OJS core has already cached the POST and GET data within the Request object.
https://github.com/ulsdevteam/pkp-betterPassword/blob/43dd2e61a30cea7bc9e08b48afb41669274b3488/BetterPasswordPlugin.inc.php#L270
Wiping the password from the POST superglobal is ineffective to prevent login because OJS core has already cached the POST and GET data within the Request object.
https://github.com/ulsdevteam/pkp-betterPassword/blob/43dd2e61a30cea7bc9e08b48afb41669274b3488/BetterPasswordPlugin.inc.php#L270