From e5dbabd95be2c46ab0db7b6161910d72d648d369 Mon Sep 17 00:00:00 2001 From: zero-24 Date: Tue, 7 Oct 2025 23:47:35 +0200 Subject: [PATCH 1/2] always allow the captive page and captive.validate task even with PW reset requested --- libraries/src/Application/CMSApplication.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libraries/src/Application/CMSApplication.php b/libraries/src/Application/CMSApplication.php index 3dcec60b661be..eda4bfd4d41eb 100644 --- a/libraries/src/Application/CMSApplication.php +++ b/libraries/src/Application/CMSApplication.php @@ -436,6 +436,16 @@ protected function checkUserRequiresReset($option, $view, $layout, $urls = []) return; } + /** + * The mfa/captive view page and captive,validate task also needs to be always accessible. + */ + if ( + $this->input->getCmd('option', '') === 'com_users' + && ($this->input->getCmd('view', '') === 'captive' || $this->input->getCmd('task', '') === 'captive.validate') + ) { + return; + } + // If the current URL matches an entry in $urls, we do not redirect foreach ($urls as $url) { $match = true; From 25a62c9ab32cfd128a6ade2556883eba5793d5e4 Mon Sep 17 00:00:00 2001 From: Tobias Zulauf Date: Wed, 8 Oct 2025 11:04:31 +0200 Subject: [PATCH 2/2] Update libraries/src/Application/CMSApplication.php Co-authored-by: Richard Fath --- libraries/src/Application/CMSApplication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/src/Application/CMSApplication.php b/libraries/src/Application/CMSApplication.php index eda4bfd4d41eb..244ab4a200e1d 100644 --- a/libraries/src/Application/CMSApplication.php +++ b/libraries/src/Application/CMSApplication.php @@ -437,7 +437,7 @@ protected function checkUserRequiresReset($option, $view, $layout, $urls = []) } /** - * The mfa/captive view page and captive,validate task also needs to be always accessible. + * The mfa/captive view page and "captive.validate" task also needs to be always accessible. */ if ( $this->input->getCmd('option', '') === 'com_users'