author | Igor Scheller <igor.scheller@igorshp.de> | 2018-11-20 16:02:03 +0100 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2018-11-21 19:24:36 +0100 |
commit | 944c29b96429ec95ac1371cb33cc43704a60c7b1 (patch) | |
tree | 7be99e68d8c15fc7e210a4b3ccc44861a8d1de64 /includes/controller/user_angeltypes_controller.php | |
parent | fd37c9d60ea818dc9a562fa88ff5f9a50132506f (diff) |
Require POST for sending forms
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes #494 (Security Vulnerability)
Diffstat (limited to 'includes/controller/user_angeltypes_controller.php')
-rw-r--r-- | includes/controller/user_angeltypes_controller.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php
index 4269313d..e03bd293 100644
--- a/includes/controller/user_angeltypes_controller.php
+++ b/includes/controller/user_angeltypes_controller.php
@@ -59,7 +59,7 @@ function user_angeltypes_delete_all_controller()
 redirect(page_link_to('angeltypes'));
 }
- if ($request->has('confirmed')) {
+ if ($request->hasPostData('deny_all')) {
 UserAngelTypes_delete_all($angeltype['id']);
 engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype)));
@@ -100,7 +100,7 @@ function user_angeltypes_confirm_all_controller()
 redirect(page_link_to('angeltypes'));
 }
- if ($request->has('confirmed')) {
+ if ($request->hasPostData('confirm_all')) {
 UserAngelTypes_confirm_all($angeltype['id'], $user->id);
 engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype)));
@@ -152,7 +152,7 @@ function user_angeltype_confirm_controller()
 redirect(page_link_to('angeltypes'));
 }
- if ($request->has('confirmed')) {
+ if ($request->hasPostData('confirm_user')) {
 UserAngelType_confirm($user_angeltype['id'], $user->id);
 engelsystem_log(sprintf(
@@ -212,7 +212,7 @@ function user_angeltype_delete_controller()
 redirect(page_link_to('angeltypes'));
 }
- if ($request->has('confirmed')) {
+ if ($request->hasPostData('delete')) {
 UserAngelType_delete($user_angeltype);
 $success_message = sprintf(__('User %s removed from %s.'), User_Nick_render($user_source), $angeltype['name']);
@@ -274,7 +274,7 @@ function user_angeltype_update_controller()
 redirect(page_link_to('angeltypes'));
 }
- if ($request->has('confirmed')) {
+ if ($request->hasPostData('submit')) {
 UserAngelType_update($user_angeltype['id'], $supporter);
 $success_message = sprintf(
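Review bot: Requiring POST in `if ($request->hasPostData('deny_all')) {` does not on its own protect this state change against cross-site request forgery, because a form on another origin can still submit a POST with the logged-in user's session cookie, and none of the visible lines checks a per-session token. The same applies to the `confirm_all`, `confirm_user`, `delete` and `submit` checks in the other hunks of this file, including the two later ones for the add and join controllers. Token validation may happen centrally before these controllers run, but that is not visible here; if it does not, the form should carry an anti-CSRF token that is verified before the `UserAngelTypes_delete_all(...)` call and its siblings. At minimum, record the assumption next to the check, e.g. `// POST only; CSRF token is expected to be verified before this controller runs`. Each controller body starts and ends outside its hunk, so the privilege checks that precede these conditions could not be reviewed.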
@@ -318,7 +318,7 @@ function user_angeltype_add_controller()
 // Load possible users, that are not in the angeltype already
 $users_source = Users_by_angeltype_inverted($angeltype);
- if (request()->has('submit')) {
+ if (request()->hasPostData('submit')) {
 $user_source = load_user();
 if (!UserAngelType_exists($user_source->id, $angeltype)) {
@@ -369,7 +369,7 @@ function user_angeltype_join_controller($angeltype)
 redirect(page_link_to('angeltypes'));
 }
- if (request()->has('confirmed')) {
+ if (request()->hasPostData('submit')) {
 $user_angeltype_id = UserAngelType_create($user->id, $angeltype);
 $success_message = sprintf(__('You joined %s.'), $angeltype['name']);  |
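Review bot: The field name in `if (request()->hasPostData('submit')) {` of the join controller is generic, whereas the earlier hunks of this file use action-specific names (`deny_all`, `confirm_all`, `confirm_user`, `delete`), so the controller and the form that posts to it are coupled only by an undocumented string. The form markup is not part of this file's diff, and a button name that does not match would presumably skip the action and fall through to whatever follows the `if`, which is outside the hunk. A one-line comment above the check would make the contract explicit, e.g. `// 'submit' must match the name of the button in the join confirmation form`. Alternatively, rename the key to an action-specific one together with the view.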