diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2008-12-22 04:33:18 +0000 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-22 04:33:18 +0000 |
| commit | 9cf2c5792111570fd831abfad9fc7496995d2e8b (patch) | |
| tree | ae386819b6ecba9a9f7f1835db9e543f0ae8ae3b /core/controllers | |
| parent | 685a5ca1e1b94cc1a817d699f4223d139689f7cb (diff) | |
Normalize CSRF handling into the access helper. Probably not the best
place for it, but it'll do for now.
Do CSRF checking in the Admin controller so that we're safe across the
board on the admin side.
Diffstat (limited to 'core/controllers')
| -rw-r--r-- | core/controllers/admin.php | 4 | ||||
| -rw-r--r-- | core/controllers/admin_dashboard.php | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/core/controllers/admin.php b/core/controllers/admin.php index 2a6bae7e..6e44c54e 100644 --- a/core/controllers/admin.php +++ b/core/controllers/admin.php @@ -33,6 +33,10 @@ class Admin_Controller extends Controller { } public function __call($controller_name, $args) { + if (request::method() == "post") { + access::verify_csrf(); + } + if ($controller_name == "index") { $controller_name = "dashboard"; } diff --git a/core/controllers/admin_dashboard.php b/core/controllers/admin_dashboard.php index a29c2167..13ec5d82 100644 --- a/core/controllers/admin_dashboard.php +++ b/core/controllers/admin_dashboard.php @@ -19,7 +19,7 @@ */ class Admin_Dashboard_Controller extends Admin_Controller { public function index() { - return $this->theme()->dashboard_blocks(); + return $this->theme()->admin_dashboard_blocks(); } } |