friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Merge pull request #10688 from MrPetovan/task/10672-contact-module-security-token 

Move unsecured GET endpoint handlers before security token check in Module\Contact
This commit is contained in:
Michael Vogel 2021-09-10 18:33:55 +02:00 committed by GitHub
parent 75d3f5094b 8b450be09b
commit e7593dcc1f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Module/Contact.php
View File

@ -365,6 +365,14 @@ class Contact extends BaseModule
throw new NotFoundException(DI::l10n()->t('Contact not found'));
}
if ($cmd === 'posts') {
return self::getPostsHTML($a, $contact_id);
}
if ($cmd === 'conversations') {
return self::getConversationsHMTL($a, $contact_id, $update);
}
self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');
$cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
@ -440,12 +448,6 @@ class Contact extends BaseModule
DI::baseUrl()->redirect('contact');
// NOTREACHED
}
if ($cmd === 'posts') {
return self::getPostsHTML($a, $contact_id);
}
if ($cmd === 'conversations') {
return self::getConversationsHMTL($a, $contact_id, $update);
}
}
$_SESSION['return_path'] = DI::args()->getQueryString();