SAAS-1062 - more work on podcasting frontend

Duncan Sommerville 2015-09-18 18:29:50 -04:00
parent a6450353e5
commit 0710accbe2
6 changed files with 48 additions and 8 deletions


@ -169,6 +169,12 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
// we need to check the CSRF token
if ($_SERVER['REQUEST_METHOD'] != "GET" && $request->getModuleName() == "rest") {
$token = $request->getParam("csrf_token");
// PUT requests don't parameterize the data in the body, so we can't
// fetch it with getParam or getPost; instead we have to parse the body and
// check for the token in the JSON. (Hopefully we can find a better way to do this) -- Duncan
if (empty($token)) {
$token = json_decode($this->getRequest()->getRawBody(), true)["csrf_token"];
}
$tokenValid = $this->verifyCSRFToken($token);
if (!$tokenValid) {
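Review bot: The fallback `$token = json_decode($this->getRequest()->getRawBody(), true)["csrf_token"];` indexes the decode result without checking it, so a body that is not a JSON object, or one that lacks the key, raises a notice or warning and leaves `$token` null. A JSON body can also carry a non-string `csrf_token` (boolean, number, array), which is then handed to `verifyCSRFToken()`; that method is not visible here, so if it compares loosely the check could be weaker than intended. Validate shape and type before the call, for example `$body = json_decode($this->getRequest()->getRawBody(), true);` followed by `$token = (is_array($body) && isset($body["csrf_token"]) && is_string($body["csrf_token"])) ? $body["csrf_token"] : null;`. Separately, the `!= "GET"` guard is outside this change, but it is worth confirming that no state-changing REST action is reachable over GET. The `if (!$tokenValid)` block continues outside the hunk.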