Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove clearAction from the media REST API for security

This commit is contained in:
Albert Santoni 2014-11-20 16:46:21 -05:00
parent c829b6bf95
commit 8ffd70781b
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
airtime_mvc/application/modules/rest/controllers/MediaController.php
View File

@ -78,6 +78,8 @@ class Rest_MediaController extends Zend_Rest_Controller
} }
} }
/* This action is extremely dangerous and a horrible idea without CSRF protection.
public function clearAction() public function clearAction()
{ {
if (!$this->verifyAuth(true, true)) if (!$this->verifyAuth(true, true))
@ -113,6 +115,7 @@ class Rest_MediaController extends Zend_Rest_Controller
->setHttpResponseCode(200) ->setHttpResponseCode(200)
->appendBody("Library has been cleared"); ->appendBody("Library has been cleared");
} }
*/
public function getAction() public function getAction()
{ {