diff options
| author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-20 16:02:03 +0100 |
|---|---|---|
| committer | msquare <msquare@notrademark.de> | 2018-11-21 19:24:36 +0100 |
| commit | 944c29b96429ec95ac1371cb33cc43704a60c7b1 (patch) | |
| tree | 7be99e68d8c15fc7e210a4b3ccc44861a8d1de64 /includes/controller/angeltypes_controller.php | |
| parent | fd37c9d60ea818dc9a562fa88ff5f9a50132506f (diff) | |
Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes #494 (Security Vulnerability)
Diffstat (limited to 'includes/controller/angeltypes_controller.php')
| -rw-r--r-- | includes/controller/angeltypes_controller.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index 82cbf935..821d101a 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -86,7 +86,7 @@ function angeltype_delete_controller() $angeltype = load_angeltype(); - if (request()->has('confirmed')) { + if (request()->hasPostData('delete')) { AngelType_delete($angeltype); success(sprintf(__('Angeltype %s deleted.'), AngelType_name_render($angeltype))); redirect(page_link_to('angeltypes')); @@ -127,7 +127,7 @@ function angeltype_edit_controller() $angeltype = AngelType_new(); } - if ($request->has('submit')) { + if ($request->hasPostData('submit')) { $valid = true; if (!$supporter_mode) { |