From 445ef6d1481745cd4e7af7e671f534a25d4495dc Mon Sep 17 00:00:00 2001 From: Frédéric Guillot Date: Wed, 28 May 2014 15:14:52 -0400 Subject: Add CSRF protections --- app/Controller/Project.php | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'app/Controller/Project.php') diff --git a/app/Controller/Project.php b/app/Controller/Project.php index e539f364..0de67691 100644 --- a/app/Controller/Project.php +++ b/app/Controller/Project.php @@ -12,19 +12,6 @@ use Model\Task as TaskModel; */ class Project extends Base { - /** - * Display access forbidden page - * - * @access public - */ - public function forbidden() - { - $this->response->html($this->template->layout('project_forbidden', array( - 'menu' => 'projects', - 'title' => t('Access Forbidden') - ))); - } - /** * Task search for a given project * @@ -254,6 +241,7 @@ class Project extends Base */ public function remove() { + $this->checkCSRFParam(); $project_id = $this->request->getIntegerParam('project_id'); if ($project_id && $this->project->remove($project_id)) { @@ -272,6 +260,7 @@ class Project extends Base */ public function enable() { + $this->checkCSRFParam(); $project_id = $this->request->getIntegerParam('project_id'); if ($project_id && $this->project->enable($project_id)) { @@ -290,6 +279,7 @@ class Project extends Base */ public function disable() { + $this->checkCSRFParam(); $project_id = $this->request->getIntegerParam('project_id'); if ($project_id && $this->project->disable($project_id)) { @@ -353,6 +343,8 @@ class Project extends Base */ public function revoke() { + $this->checkCSRFParam(); + $values = array( 'project_id' => $this->request->getIntegerParam('project_id'), 'user_id' => $this->request->getIntegerParam('user_id'), -- cgit v1.2.3