Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Only use API authentication (not session) when validating termination requests

This commit is contained in:
Duncan Sommerville 2015-05-13 17:58:02 -04:00
parent 15bebc6267
commit 9d822b6e8b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
airtime_mvc/application/controllers/ProvisioningController.php
View File

@ -57,13 +57,16 @@ class ProvisioningController extends Zend_Controller_Action
/**
* Delete the Airtime Pro station's files from Amazon S3
*
* FIXME: When we deploy this next time, we should ensure that
* this function can only be accessed with POST requests!
*/
public function terminateAction()
{
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
if (!RestAuth::verifyAuth(true, true, $this)) {
if (!RestAuth::verifyAuth(true, false, $this)) {
return;
}