mirror of
https://github.com/Mibew/mibew.git
synced 2025-01-31 05:20:30 +03:00
Don't call set_csrf_token() function in controllers
This commit is contained in:
Dmitriy Simushev
parent
b56881bf01
commit
1a358c2f09
@ -38,8 +38,6 @@ class BanController extends AbstractController
|
||||
*/
|
||||
public function indexAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
'errors' => array(),
|
||||
@ -108,8 +106,6 @@ class BanController extends AbstractController
|
||||
*/
|
||||
public function showEditFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
|
||||
$page = array(
|
||||
|
||||
@ -35,8 +35,6 @@ class CannedMessageController extends AbstractController
|
||||
*/
|
||||
public function indexAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
'errors' => array(),
|
||||
@ -145,8 +143,6 @@ class CannedMessageController extends AbstractController
|
||||
*/
|
||||
public function showEditFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$message_id = $request->attributes->getInt('message_id');
|
||||
$page = array(
|
||||
|
||||
@ -35,8 +35,6 @@ class ManagementController extends AbstractController
|
||||
*/
|
||||
public function indexAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
'errors' => array(),
|
||||
|
||||
@ -37,8 +37,6 @@ class MembersController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$group_id = $request->attributes->getInt('group_id');
|
||||
|
||||
|
||||
@ -38,8 +38,6 @@ class SettingsController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$group_id = $request->attributes->getInt('group_id');
|
||||
|
||||
|
||||
@ -35,8 +35,6 @@ class LocaleController extends AbstractController
|
||||
*/
|
||||
public function indexAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
// Use errors list stored in the request. We need to do so to have
|
||||
|
||||
@ -118,8 +118,6 @@ class TranslationController extends AbstractController
|
||||
*/
|
||||
public function showEditFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$string_id = $request->attributes->get('string_id');
|
||||
$string = $this->loadString($string_id);
|
||||
|
||||
@ -37,7 +37,6 @@ class TranslationExportController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
$operator = $this->getOperator();
|
||||
|
||||
$target = $request->request->get('target');
|
||||
|
||||
@ -35,7 +35,6 @@ class TranslationImportController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
$operator = $this->getOperator();
|
||||
|
||||
$target = $request->request->get('target');
|
||||
|
||||
@ -34,8 +34,6 @@ class LoginController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
// Check if the operator already logged in
|
||||
if ($this->getOperator()) {
|
||||
// Redirect the operator to home page.
|
||||
|
||||
@ -74,8 +74,6 @@ class MailTemplateController extends AbstractController
|
||||
*/
|
||||
public function showEditFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$lang = $this->extractLocale($request);
|
||||
$template_name = $request->attributes->get('name');
|
||||
|
||||
@ -38,8 +38,6 @@ class AvatarController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$op_id = $request->attributes->get('operator_id');
|
||||
$page = array(
|
||||
|
||||
@ -37,8 +37,6 @@ class GroupsController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$operator_in_isolation = in_isolation($operator);
|
||||
$op_id = $request->attributes->getInt('operator_id');
|
||||
|
||||
@ -35,8 +35,6 @@ class ManagementController extends AbstractController
|
||||
*/
|
||||
public function indexAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
// Use errors list stored in the request. We need to do so to have
|
||||
|
||||
@ -37,8 +37,6 @@ class PermissionsController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$op_id = $request->attributes->get('operator_id');
|
||||
|
||||
|
||||
@ -38,8 +38,6 @@ class ProfileController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
'opid' => false,
|
||||
|
||||
@ -38,8 +38,6 @@ class PasswordRecoveryController extends AbstractController
|
||||
*/
|
||||
public function indexAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
if ($this->getOperator()) {
|
||||
// If the operator is logged in just redirect him to the home page.
|
||||
return $this->redirect($request->getUriForPath('/operator'));
|
||||
@ -132,8 +130,6 @@ class PasswordRecoveryController extends AbstractController
|
||||
*/
|
||||
public function resetAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$page = array(
|
||||
'version' => MIBEW_VERSION,
|
||||
'showform' => true,
|
||||
|
||||
@ -38,8 +38,6 @@ class PluginController extends AbstractController
|
||||
*/
|
||||
public function indexAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$page = array(
|
||||
// Use errors list stored in the request. We need to do so to have
|
||||
// an ability to pass errors from another actions.
|
||||
|
||||
@ -41,8 +41,6 @@ class CommonController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
|
||||
$page = array(
|
||||
|
||||
@ -35,8 +35,6 @@ class FeaturesController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
'agentId' => '',
|
||||
|
||||
@ -35,8 +35,6 @@ class PerformanceController extends AbstractController
|
||||
*/
|
||||
public function showFormAction(Request $request)
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
$operator = $this->getOperator();
|
||||
$page = array(
|
||||
'agentId' => '',
|
||||
|
||||
@ -57,7 +57,11 @@ function get_csrf_token()
|
||||
return $_SESSION[SESSION_PREFIX . 'csrf_token'];
|
||||
}
|
||||
|
||||
/* set csrf token */
|
||||
/**
|
||||
* Sets CSRF token.
|
||||
*
|
||||
* This function is internal and should not be used directly in controllers.
|
||||
*/
|
||||
function set_csrf_token()
|
||||
{
|
||||
if (!isset($_SESSION[SESSION_PREFIX . 'csrf_token'])) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user