mirror of
https://github.com/Mibew/mibew.git
Don't call set_csrf_token() function in controllers
parent
b56881bf01
commit
1a358c2f09
@ -38,8 +38,6 @@ class BanController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function indexAction(Request $request)
|
public function indexAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
'errors' => array(),
|
'errors' => array(),
|
||||||
@ -108,8 +106,6 @@ class BanController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showEditFormAction(Request $request)
|
public function showEditFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
|
|
||||||
$page = array(
|
$page = array(
|
||||||
|
@ -35,8 +35,6 @@ class CannedMessageController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function indexAction(Request $request)
|
public function indexAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
'errors' => array(),
|
'errors' => array(),
|
||||||
@ -145,8 +143,6 @@ class CannedMessageController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showEditFormAction(Request $request)
|
public function showEditFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$message_id = $request->attributes->getInt('message_id');
|
$message_id = $request->attributes->getInt('message_id');
|
||||||
$page = array(
|
$page = array(
|
||||||
|
@ -35,8 +35,6 @@ class ManagementController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function indexAction(Request $request)
|
public function indexAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
'errors' => array(),
|
'errors' => array(),
|
||||||
|
@ -37,8 +37,6 @@ class MembersController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$group_id = $request->attributes->getInt('group_id');
|
$group_id = $request->attributes->getInt('group_id');
|
||||||
|
|
||||||
|
@ -38,8 +38,6 @@ class SettingsController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$group_id = $request->attributes->getInt('group_id');
|
$group_id = $request->attributes->getInt('group_id');
|
||||||
|
|
||||||
|
@ -35,8 +35,6 @@ class LocaleController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function indexAction(Request $request)
|
public function indexAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
// Use errors list stored in the request. We need to do so to have
|
// Use errors list stored in the request. We need to do so to have
|
||||||
|
@ -118,8 +118,6 @@ class TranslationController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showEditFormAction(Request $request)
|
public function showEditFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$string_id = $request->attributes->get('string_id');
|
$string_id = $request->attributes->get('string_id');
|
||||||
$string = $this->loadString($string_id);
|
$string = $this->loadString($string_id);
|
||||||
|
@ -37,7 +37,6 @@ class TranslationExportController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
|
|
||||||
$target = $request->request->get('target');
|
$target = $request->request->get('target');
|
||||||
|
@ -35,7 +35,6 @@ class TranslationImportController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
|
|
||||||
$target = $request->request->get('target');
|
$target = $request->request->get('target');
|
||||||
|
@ -34,8 +34,6 @@ class LoginController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
// Check if the operator already logged in
|
// Check if the operator already logged in
|
||||||
if ($this->getOperator()) {
|
if ($this->getOperator()) {
|
||||||
// Redirect the operator to home page.
|
// Redirect the operator to home page.
|
||||||
|
@ -74,8 +74,6 @@ class MailTemplateController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showEditFormAction(Request $request)
|
public function showEditFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$lang = $this->extractLocale($request);
|
$lang = $this->extractLocale($request);
|
||||||
$template_name = $request->attributes->get('name');
|
$template_name = $request->attributes->get('name');
|
||||||
|
@ -38,8 +38,6 @@ class AvatarController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$op_id = $request->attributes->get('operator_id');
|
$op_id = $request->attributes->get('operator_id');
|
||||||
$page = array(
|
$page = array(
|
||||||
|
@ -37,8 +37,6 @@ class GroupsController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$operator_in_isolation = in_isolation($operator);
|
$operator_in_isolation = in_isolation($operator);
|
||||||
$op_id = $request->attributes->getInt('operator_id');
|
$op_id = $request->attributes->getInt('operator_id');
|
||||||
|
@ -35,8 +35,6 @@ class ManagementController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function indexAction(Request $request)
|
public function indexAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
// Use errors list stored in the request. We need to do so to have
|
// Use errors list stored in the request. We need to do so to have
|
||||||
|
@ -37,8 +37,6 @@ class PermissionsController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$op_id = $request->attributes->get('operator_id');
|
$op_id = $request->attributes->get('operator_id');
|
||||||
|
|
||||||
|
@ -38,8 +38,6 @@ class ProfileController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
'opid' => false,
|
'opid' => false,
|
||||||
|
@ -38,8 +38,6 @@ class PasswordRecoveryController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function indexAction(Request $request)
|
public function indexAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
if ($this->getOperator()) {
|
if ($this->getOperator()) {
|
||||||
// If the operator is logged in just redirect him to the home page.
|
// If the operator is logged in just redirect him to the home page.
|
||||||
return $this->redirect($request->getUriForPath('/operator'));
|
return $this->redirect($request->getUriForPath('/operator'));
|
||||||
@ -132,8 +130,6 @@ class PasswordRecoveryController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function resetAction(Request $request)
|
public function resetAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$page = array(
|
$page = array(
|
||||||
'version' => MIBEW_VERSION,
|
'version' => MIBEW_VERSION,
|
||||||
'showform' => true,
|
'showform' => true,
|
||||||
|
@ -38,8 +38,6 @@ class PluginController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function indexAction(Request $request)
|
public function indexAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$page = array(
|
$page = array(
|
||||||
// Use errors list stored in the request. We need to do so to have
|
// Use errors list stored in the request. We need to do so to have
|
||||||
// an ability to pass errors from another actions.
|
// an ability to pass errors from another actions.
|
||||||
|
@ -41,8 +41,6 @@ class CommonController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
|
|
||||||
$page = array(
|
$page = array(
|
||||||
|
@ -35,8 +35,6 @@ class FeaturesController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
'agentId' => '',
|
'agentId' => '',
|
||||||
|
@ -35,8 +35,6 @@ class PerformanceController extends AbstractController
|
|||||||
*/
|
*/
|
||||||
public function showFormAction(Request $request)
|
public function showFormAction(Request $request)
|
||||||
{
|
{
|
||||||
set_csrf_token();
|
|
||||||
|
|
||||||
$operator = $this->getOperator();
|
$operator = $this->getOperator();
|
||||||
$page = array(
|
$page = array(
|
||||||
'agentId' => '',
|
'agentId' => '',
|
||||||
|
@ -57,7 +57,11 @@ function get_csrf_token()
|
|||||||
return $_SESSION[SESSION_PREFIX . 'csrf_token'];
|
return $_SESSION[SESSION_PREFIX . 'csrf_token'];
|
||||||
}
|
}
|
||||||
|
|
||||||
/* set csrf token */
|
/**
|
||||||
|
* Sets CSRF token.
|
||||||
|
*
|
||||||
|
* This function is internal and should not be used directly in controllers.
|
||||||
|
*/
|
||||||
function set_csrf_token()
|
function set_csrf_token()
|
||||||
{
|
{
|
||||||
if (!isset($_SESSION[SESSION_PREFIX . 'csrf_token'])) {
|
if (!isset($_SESSION[SESSION_PREFIX . 'csrf_token'])) {
|
||||||
|
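Review bot: The new docblock on set_csrf_token() says the function is internal but not which code is now responsible for calling it, and that is the security-relevant fact once every controller call is removed. The visible context shows get_csrf_token() ending with `return $_SESSION[SESSION_PREFIX . 'csrf_token'];`, but its body starts outside this hunk, so it is not visible whether the token is created before that read. If it is not, the pre-login forms in LoginController and PasswordRecoveryController would be the first to render with an unset token; worth confirming with a test on a fresh session. I would add the PHPDoc tag and name the caller, e.g. ` * @internal Invoked by <caller>; controllers must not call it directly.`, with `<caller>` replaced by the real call site. set_csrf_token()'s own body also continues past the hunk, so how the token is generated cannot be assessed here.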