improve security by keeping CSRF for every ajax request
parent
9b8b9aa44c
commit
e73789d211
|
@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
|
|||
### Fixed
|
||||
- app is now compliant to occ check-code
|
||||
- jshint and jslint in da place
|
||||
- do not put @NoCSRFRequired everywhere in controllers
|
||||
|
||||
## 0.0.4 – 2017-01-17
|
||||
### Added
|
||||
|
|
|
@ -64,6 +64,7 @@ function globRecursive($path, $find, $recursive=True) {
|
|||
*/
|
||||
function getProgramPath($progname){
|
||||
$path_ar = explode(':',getenv('path'));
|
||||
$path_ar = array_merge($path_ar, explode(':',getenv('PATH')));
|
||||
foreach ($path_ar as $path){
|
||||
$supposed_gpath = $path.'/'.$progname;
|
||||
if (file_exists($supposed_gpath) and
|
||||
|
@ -223,9 +224,7 @@ class PageController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function getgpx($path) {
|
||||
$userFolder = \OC::$server->getUserFolder();
|
||||
|
@ -264,9 +263,7 @@ class PageController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function getfoldergpxs($path, $type) {
|
||||
$userFolder = \OC::$server->getUserFolder();
|
||||
|
@ -320,9 +317,7 @@ class PageController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function savegpx($path, $content) {
|
||||
$userFolder = \OC::$server->getUserFolder();
|
||||
|
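Review bot: In the getProgramPath() hunk, `explode(':', getenv('path'))` yields `['']` when that variable is unset (getenv() returns false, which explode() coerces to an empty string), so the loop below ends up testing `'/'.$progname` at the filesystem root; the identical hunk in the UtilsController file has the same issue. Drop empty entries once the two lists are merged, e.g. `$path_ar = array_filter($path_ar, 'strlen');` right after the array_merge line. The lowercase `'path'` lookup presumably targets platforms with case-insensitive environment names — a short comment saying so would keep the next reader from treating it as a typo. The rest of getProgramPath(), including the file_exists condition, continues outside the hunk.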
|
|
@ -56,6 +56,7 @@ function globRecursive($path, $find, $recursive=True) {
|
|||
*/
|
||||
function getProgramPath($progname){
|
||||
$path_ar = explode(':',getenv('path'));
|
||||
$path_ar = array_merge($path_ar, explode(':',getenv('PATH')));
|
||||
foreach ($path_ar as $path){
|
||||
$supposed_gpath = $path.'/'.$progname;
|
||||
if (file_exists($supposed_gpath) and
|
||||
|
@ -119,7 +120,6 @@ class UtilsController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function deleteExtraSymbol($name) {
|
||||
$filename = str_replace(array('../', '..\\', '/'), '', $name);
|
||||
|
@ -140,7 +140,6 @@ class UtilsController extends Controller {
|
|||
}
|
||||
|
||||
/**
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function uploadExtraSymbol($addExtraSymbolName) {
|
||||
$newSymbol = $this->request->getUploadedFile('uploadsymbol');
|
||||
|
@ -207,7 +206,6 @@ class UtilsController extends Controller {
|
|||
/**
|
||||
* Add one tile server to the DB for current user
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function addTileServer($servername, $serverurl) {
|
||||
// first we check it does not already exist
|
||||
|
@ -255,7 +253,6 @@ class UtilsController extends Controller {
|
|||
/**
|
||||
* Delete one tile server entry from DB for current user
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function deleteTileServer($servername) {
|
||||
$sqldel = 'DELETE FROM *PREFIX*gpxedit_tile_servers ';
|
||||
|
@ -282,7 +279,6 @@ class UtilsController extends Controller {
|
|||
/**
|
||||
* Save options values to the DB for current user
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function saveOptionsValues($optionsValues) {
|
||||
// first we check if user already has options values in DB
|
||||
|
@ -333,7 +329,6 @@ class UtilsController extends Controller {
|
|||
/**
|
||||
* get options values to the DB for current user
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function getOptionsValues($optionsValues) {
|
||||
$sqlov = 'SELECT jsonvalues FROM *PREFIX*gpxedit_options_values ';
|
||||
|
|
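Review bot: After the removal, the docblocks of deleteExtraSymbol() and uploadExtraSymbol() contain no text at all, and since neither carries @NoAdminRequired the app framework presumably restricts them to admin users — that restriction is now stated nowhere in the code. A one-line description would make the contract explicit, e.g. `* Delete one extra symbol file (admin-only, CSRF-checked)` and `* Upload one extra symbol file (admin-only, CSRF-checked)`. In the getOptionsValues() hunk the description reads `get options values to the DB` while the method runs a SELECT; `* Get options values from the DB for current user` matches the query. Each of these method bodies continues outside its hunk.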