author | Bharat Mediratta <bharat@menalto.com> | 2009-01-04 01:27:24 +0000 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-01-04 01:27:24 +0000 |
commit | 3c768e1c59971475c0265d209939f6ebfa0f50d2 (patch) | |
tree | 727cde1b0b0dd8b7dfad63c6e860736018eaf992 /core | |
parent | d36996fb140d8a2f8d51116236b2828d1efedb65 (diff) |
Require CSRF for any non-"get" action.
Diffstat (limited to 'core')
-rw-r--r-- | core/controllers/rest.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/controllers/rest.php b/core/controllers/rest.php
index ceca321e..b91bb0d0 100644
--- a/core/controllers/rest.php
+++ b/core/controllers/rest.php
@@ -86,6 +86,10 @@ class REST_Controller extends Controller {
 return Kohana::show_404();
 }
+ if ($request_method != "get") {
+ access::verify_csrf();
+ }
+
 switch ($request_method) {
 case "get":
 return $this->_show($resource);
 |
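Review bot: The result of `access::verify_csrf()` is discarded in the added guard, so the protection holds only if that helper itself aborts the request (throws or exits) on a missing or invalid token; its definition is outside this hunk and should be confirmed. A comment above the call would make that contract explicit, e.g. `// Relies on access::verify_csrf() aborting the request on a bad token; its result is not checked here.` Since "get" is now the only exempt verb, `_show()` has to stay free of side effects, and it is worth checking how `$request_method` is derived (not visible here) so that a state-changing request cannot be classified as "get". The guard also sits after the `Kohana::show_404()` return, so a request for a missing resource is answered before the token is checked. `$request_method !== "get"` would avoid loose comparison; the enclosing method starts and ends outside the hunk.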