mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-18 13:24:37 -04:00
Code Issues Packages Projects Releases Wiki Activity

Do not mix POST and GET params

Browse Source 
Avoid returning CSRF POST token for a GET
This commit is contained in:
Alexandre Alapetite
2016-08-13 19:10:32 +02:00
parent e6fd34bdda
commit 56ffc115d1
6 changed files with 23 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controllers/configureController.php
View File

@@ -139,7 +139,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
*/
public function sharingAction() {
if (Minz_Request::isPost()) {
$params = Minz_Request::params();
$params = Minz_Request::fetchGET();
FreshRSS_Context::$user_conf->sharing = $params['share'];
FreshRSS_Context::$user_conf->save();
invalidateHttpCache();
@@ -282,7 +282,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
foreach (FreshRSS_Context::$user_conf->queries as $key => $query) {
$queries[$key] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao);
}
$params = Minz_Request::params();
$params = Minz_Request::fetchGET();
$params['url'] = Minz_Url::display(array('params' => $params));
$params['name'] = _t('conf.query.number', count($queries) + 1);
$queries[] = new FreshRSS_UserQuery($params, $feed_dao, $category_dao);