Congegni
/
libretime
mirror of https://github.com/libretime/libretime.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only use API authentication (not session) when validating termination requests

This commit is contained in:
Duncan Sommerville 2015-05-13 17:58:02 -04:00
parent 15bebc6267
commit 9d822b6e8b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
airtime_mvc/application/controllers/ProvisioningController.php
View File

@ -57,13 +57,16 @@ class ProvisioningController extends Zend_Controller_Action
/** /**
* Delete the Airtime Pro station's files from Amazon S3 * Delete the Airtime Pro station's files from Amazon S3
*
* FIXME: When we deploy this next time, we should ensure that
* this function can only be accessed with POST requests!
*/ */
public function terminateAction() public function terminateAction()
{ {
$this->view->layout()->disableLayout(); $this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true); $this->_helper->viewRenderer->setNoRender(true);
if (!RestAuth::verifyAuth(true, true, $this)) { if (!RestAuth::verifyAuth(true, false, $this)) {
return; return;
} }