fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 11:44:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

Support more HTTP methods #2287

Browse source
This commit is contained in:
Kijin Sung 2024-03-24 22:57:07 +09:00
parent f419353013
commit eb5dd18659
3 changed files with 22 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
classes/module/ModuleHandler.class.php
View file

@ -38,6 +38,13 @@ class ModuleHandler extends Handler
'svc' => '',
);
/**
* List of HTTP methods that do not require CSRF checks by default.
*/
protected static $_nocsrf_methods = array(
'GET', 'HEAD', 'OPTIONS',
);
/**
* prepares variables to use in moduleHandler
* @param string $module name of module
@ -377,7 +384,7 @@ class ModuleHandler extends Handler
}
// check CSRF for non-GET (POST, PUT, etc.) actions
if(Context::getRequestMethod() !== 'GET' && Context::isInstalled())
if(!in_array(Context::getRequestMethod(), self::$_nocsrf_methods) && Context::isInstalled())
{
if(isset($xml_info->action->{$this->act}) && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{
@ -539,7 +546,7 @@ class ModuleHandler extends Handler
}
// check CSRF for non-GET (POST, PUT, etc.) actions
if(Context::getRequestMethod() !== 'GET' && Context::isInstalled())
if(!in_array(Context::getRequestMethod(), self::$_nocsrf_methods) && Context::isInstalled())
{
if($xml_info->action->{$this->act} && $xml_info->action->{$this->act}->check_csrf !== 'false' && !checkCSRF())
{