From 9cf2c5792111570fd831abfad9fc7496995d2e8b Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Mon, 22 Dec 2008 04:33:18 +0000
Subject: Normalize CSRF handling into the access helper. Probably not the best place for it, but it'll do for now. Do CSRF checking in the Admin controller so that we're safe across the board on the admin side.
---
 core/controllers/admin.php | 4 ++++
 core/controllers/admin_dashboard.php | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
(limited to 'core/controllers')
diff --git a/core/controllers/admin.php b/core/controllers/admin.php
index 2a6bae7e..6e44c54e 100644
--- a/core/controllers/admin.php
+++ b/core/controllers/admin.php
@@ -33,6 +33,10 @@ class Admin_Controller extends Controller {
 }

 public function __call($controller_name, $args) {
+ if (request::method() == "post") {
+ access::verify_csrf();
+ }
+
 if ($controller_name == "index") {
 $controller_name = "dashboard";
 }
diff --git a/core/controllers/admin_dashboard.php b/core/controllers/admin_dashboard.php
index a29c2167..13ec5d82 100644
--- a/core/controllers/admin_dashboard.php
+++ b/core/controllers/admin_dashboard.php
@@ -19,7 +19,7 @@
 */
 class Admin_Dashboard_Controller extends Admin_Controller {
 public function index() {
- return $this->theme()->dashboard_blocks();
+ return $this->theme()->admin_dashboard_blocks();
 }
 }
-- 
cgit v1.2.3
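Review bot: The CSRF check added to `Admin_Controller::__call` runs only when `request::method() == "post"`, so any admin action that changes state on a GET request (or another verb) is dispatched without a token check; the invariant that state-changing admin actions are POST-only should be recorded here or enforced in the dispatched controllers. A comment above the `if` such as `// CSRF token is verified for POST only: admin actions that modify state must reject non-POST requests` would make that contract visible to whoever adds the next admin controller. `access::verify_csrf()` is defined outside this diff and its return value is not used, so the guard is only effective if that helper aborts the request on a bad token rather than returning a status, which should be confirmed. The check also covers only requests that actually pass through `__call`; whether subclasses such as `Admin_Dashboard_Controller` can be routed to directly is not visible here. The body of `__call` continues outside the hunk.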