Apply non-GET/non-POST CSRF patch from XE 1.8.24 (bed604e)

Kijin Sung 2016-08-05 17:03:24 +09:00
parent 2978c1f9e4
commit e771e4ae0b


@ -475,8 +475,8 @@ class ModuleHandler extends Handler
}
}
// check CSRF for POST actions
if(Context::getRequestMethod() === 'POST' && Context::isInstalled())
// check CSRF for non-GET (POST, PUT, etc.) actions
if(Context::getRequestMethod() !== 'GET' && Context::isInstalled())
{
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{
@ -617,8 +617,8 @@ class ModuleHandler extends Handler
}
}
// check CSRF for POST actions
if(Context::getRequestMethod() === 'POST' && Context::isInstalled())
// check CSRF for non-GET (POST, PUT, etc.) actions
if(Context::getRequestMethod() !== 'GET' && Context::isInstalled())
{
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{
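Review bot: The widened guard `Context::getRequestMethod() !== 'GET'` (in both the hunk at 475 and the one at 617) still wraps an inner condition that fails open: when `$xml_info->action->{$this->act}` is empty, the `&&` chain short-circuits and `checkCSRF()` is never called for a non-GET request. Whether an act missing from the module's action XML can still be dispatched is decided outside these hunks and needs confirming; if it can, the check should be skipped only on an explicit opt-out, e.g. `if((!$xml_info->action->{$this->act} || $xml_info->action->{$this->act}->check_csrf !== 'false') && !checkCSRF())`. The outer comparison also assumes `getRequestMethod()` returns exactly `'GET'` for safe requests, so a comment listing the values it can return would make the exemption auditable. The same check is duplicated in both places and the enclosing method bodies continue outside the hunks, so a shared private helper would keep the two copies from drifting apart.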