Improvements to the preferences screen

This commit is contained in:
Albert Santoni 2015-09-23 18:21:30 -04:00
parent 13d1534042
commit a86e3ed4a8
3 changed files with 32 additions and 4 deletions


@ -134,6 +134,12 @@ class PreferenceController extends Zend_Controller_Action
// Remove reliance on .phtml files to render requests
$this->_helper->viewRenderer->setNoRender(true);
if (!SecurityHelper::verifyAjaxCSRFToken($this->_getParam('csrf_token'))) {
Logging::error(__FILE__ . ': Invalid CSRF token');
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
return;
}
Application_Model_Preference::SetStationLogo("");
}
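Review bot: The CSRF rejection added at L14-L18 answers with the default 200 status and only signals failure inside the JSON body (`"valid" => false`), so a caller that keys on the HTTP status or a generic AJAX error handler will treat the rejected request as a success; the same five lines are pasted again in the second hunk (L25-L29), whose enclosing function starts outside that hunk. Factoring the guard into one private helper that also sets `403` keeps the copies from drifting and makes the rejection visible to the client. The log line `__FILE__ . ': Invalid CSRF token'` names only the controller file, so adding `$this->getRequest()->getActionName()` would say which endpoint was hit.
```php
    /**
     * Reject the request unless it carries a valid AJAX CSRF token.
     * Sends the JSON-RPC style error the actions already emit and returns false
     * so the caller can bail out; returns true when the token verified.
     */
    private function verifyCsrfOrReject()
    {
        if (SecurityHelper::verifyAjaxCSRFToken($this->_getParam('csrf_token'))) {
            return true;
        }
        Logging::error(__FILE__ . ': Invalid CSRF token in action ' . $this->getRequest()->getActionName());
        $this->getResponse()->setHttpResponseCode(403);
        $this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
        return false;
    }

    // … in each action, in place of the pasted block …
    if (!$this->verifyCsrfOrReject()) {
        return;
    }
```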
@ -479,6 +485,12 @@ class PreferenceController extends Zend_Controller_Action
{
$this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
if (!SecurityHelper::verifyAjaxCSRFToken($this->_getParam('csrf_token'))) {
Logging::error(__FILE__ . ': Invalid CSRF token');
$this->_helper->json->sendJson(array("jsonrpc" => "2.0", "valid" => false, "error" => "CSRF token did not match."));
return;
}
// Only admin users should get here through ACL permissioning
// Only allow POST requests