author | Frédéric Guillot <fred@kanboard.net> | 2014-05-28 15:14:52 -0400 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-05-28 15:14:52 -0400 |
commit | 445ef6d1481745cd4e7af7e671f534a25d4495dc (patch) | |
tree | 7990903e398d77339587595ef5a07df8464f5a2e /app/Controller/Config.php | |
parent | 75ab09e28b22e9a5676ee912482027926e271515 (diff) |
Add CSRF protections
Diffstat (limited to 'app/Controller/Config.php')
-rw-r--r-- | app/Controller/Config.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/Controller/Config.php b/app/Controller/Config.php
index b4a5b8d3..daa57790 100644
--- a/app/Controller/Config.php
+++ b/app/Controller/Config.php
@@ -76,6 +76,7 @@ class Config extends Base
 */
 public function downloadDb()
 {
+ $this->checkCSRFParam();
 $this->response->forceDownload('db.sqlite.gz');
 $this->response->binary($this->config->downloadDatabase());
 }
@@ -87,6 +88,7 @@ class Config extends Base
 */
 public function optimizeDb()
 {
+ $this->checkCSRFParam();
 $this->config->optimizeDatabase();
 $this->session->flash(t('Database optimization done.'));
 $this->response->redirect('?controller=config');
@@ -99,6 +101,7 @@ class Config extends Base
 */
 public function tokens()
 {
+ $this->checkCSRFParam();
 $this->config->regenerateTokens();
 $this->session->flash(t('All tokens have been regenerated.'));
 $this->response->redirect('?controller=config');
@@ -111,6 +114,7 @@ class Config extends Base
 */
 public function removeRememberMeToken()
 {
+ $this->checkCSRFParam();
 $this->rememberMe->remove($this->request->getIntegerParam('id'));
 $this->response->redirect('?controller=config&action=index#remember-me');
 }
|
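Review bot: The result of `$this->checkCSRFParam();` is discarded in `downloadDb()`, and in the same way in `optimizeDb()`, `tokens()` and `removeRememberMeToken()`, so the guard only works if the helper itself stops the request when the token is missing or wrong. Its definition is not part of this diff (presumably it lives in `Base`), so that cannot be confirmed from these hunks; if it merely returns a boolean, each action would still run. I would document the contract at the call site, e.g. `// Aborts the request when the CSRF token is missing or invalid`, and add a test per action that sends no token and asserts the action did not execute. Each method's docblock starts outside its hunk.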
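Review bot: `optimizeDb()` changes state, yet the token appears to be carried in the URL: the helper is named `checkCSRFParam` and the controller routes through `?controller=...` query strings, although the helper body is not visible here. A token placed in a query string ends up in browser history, proxy and server logs, and Referer headers, which weakens it as a secret. The same applies to `tokens()` and `removeRememberMeToken()`. Consider accepting these actions only as POST requests with the token in the form body, or at minimum record the limitation next to the call: `// Token is read from the query string; keep it short-lived and out of outbound Referer headers`.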
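Review bot: In `removeRememberMeToken()` the session id is taken straight from the request with `getIntegerParam('id')` and handed to `$this->rememberMe->remove(...)`, and the hunk shows no ownership check, which the new CSRF guard does not cover. Whether `remove()` limits the deletion to the current user's own sessions is not visible here; if it does not, a valid token would be enough to delete another account's remember-me session. Worth confirming in the model, and if needed scoping the delete by the current user id as well as the session id, with a comment such as `// remove() must only delete sessions owned by the current user`.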