require CSRF token for Article/redirect

master
Andrew Dolgov 4 years ago
parent 7e50c6c4b5
commit e670ac2ee5

@ -2,7 +2,7 @@
class Article extends Handler_Protected { class Article extends Handler_Protected {
function csrf_ignore($method) { function csrf_ignore($method) {
$csrf_ignored = array("redirect", "editarticletags"); $csrf_ignored = array("editarticletags");
return array_search($method, $csrf_ignored) !== false; return array_search($method, $csrf_ignored) !== false;
} }
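Review bot: The one exemption left in `$csrf_ignored`, `editarticletags`, has no comment saying why it may run without a CSRF token, which makes the list hard to audit the next time it is touched. I would add a line above the array such as `// methods listed here skip CSRF validation; every entry must be read-only`, and state the reason for `editarticletags` (assuming it changes no state, which is not visible in this hunk). The membership test on the following line would also read better as a strict check: `return in_array($method, $csrf_ignored, true);`. The class body continues outside the hunk.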

@ -133,9 +133,11 @@ const Article = {
openInNewWindow: function (id) { openInNewWindow: function (id) {
const w = window.open(""); const w = window.open("");
/* global __csrf_token */
if (w) { if (w) {
w.opener = null; w.opener = null;
w.location = "backend.php?op=article&method=redirect&id=" + id; w.location = "backend.php?op=article&method=redirect&id=" + id + "&csrf_token=" + __csrf_token;
Headlines.toggleUnread(id, 0); Headlines.toggleUnread(id, 0);
} }
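Review bot: The token is concatenated into the URL unencoded on the `w.location` line, and as a GET parameter it will end up in server access logs and in the history of the new window. At minimum, encode both values: `w.location = "backend.php?op=article&method=redirect&id=" + encodeURIComponent(id) + "&csrf_token=" + encodeURIComponent(__csrf_token);`. If the redirect handler answers with anything other than an HTTP 3xx (not visible here), the token could also reach the external site through the Referer header, so it is worth confirming that or sending `Referrer-Policy: no-referrer` on that response. `openInNewWindow` continues past the end of the hunk.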
