author | Bharat Mediratta <bharat@menalto.com> | 2008-12-22 04:33:18 +0000 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-22 04:33:18 +0000 |
commit | 9cf2c5792111570fd831abfad9fc7496995d2e8b (patch) | |
tree | ae386819b6ecba9a9f7f1835db9e543f0ae8ae3b /core/controllers/admin.php | |
parent | 685a5ca1e1b94cc1a817d699f4223d139689f7cb (diff) |
Normalize CSRF handling into the access helper. Probably not the best
place for it, but it'll do for now.
Do CSRF checking in the Admin controller so that we're safe across the
board on the admin side.
Diffstat (limited to 'core/controllers/admin.php')
-rw-r--r-- | core/controllers/admin.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/controllers/admin.php b/core/controllers/admin.php
index 2a6bae7e..6e44c54e 100644
--- a/core/controllers/admin.php
+++ b/core/controllers/admin.php
@@ -33,6 +33,10 @@ class Admin_Controller extends Controller {
 }
 
 public function __call($controller_name, $args) {
+ if (request::method() == "post") {
+ access::verify_csrf();
+ }
+
 if ($controller_name == "index") {
 $controller_name = "dashboard";
 } |
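Review bot: The new guard at the top of `__call` verifies the CSRF token only when `request::method() == "post"`, so any admin action that changes state on a GET request (or arrives with another verb) is dispatched without a token check. Either invert the test so that everything except safe methods is verified, e.g. `if (!in_array(request::method(), array("get", "head"))) { access::verify_csrf(); }`, or add a comment above the check stating the contract: `// Admin controllers must only change state in response to POST; other methods are not CSRF-checked.` The comparison also assumes `request::method()` returns the verb in lower case, and the return value of `access::verify_csrf()` is ignored, so it presumably halts the request itself on failure; both are worth confirming in the helper, which is outside this diff. The rest of `__call` continues past the end of the hunk.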