public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-19 02:21:30 +00:00
Code Issues Releases Wiki Activity

require CSRF token for Article/redirect

Browse Source
This commit is contained in:
Andrew Dolgov
2020-09-15 15:35:50 +03:00
parent 7e50c6c4b5
commit e670ac2ee5
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
classes/article.php
View File

@@ -2,7 +2,7 @@
class Article extends Handler_Protected { class Article extends Handler_Protected {
function csrf_ignore($method) { function csrf_ignore($method) {
$csrf_ignored = array("redirect", "editarticletags"); $csrf_ignored = array("editarticletags");
return array_search($method, $csrf_ignored) !== false; return array_search($method, $csrf_ignored) !== false;
} }

4
js/Article.js
View File

@@ -133,9 +133,11 @@ const Article = {
openInNewWindow: function (id) { openInNewWindow: function (id) {
const w = window.open(""); const w = window.open("");
/* global __csrf_token */
if (w) { if (w) {
w.opener = null; w.opener = null;
w.location = "backend.php?op=article&method=redirect&id=" + id; w.location = "backend.php?op=article&method=redirect&id=" + id + "&csrf_token=" + __csrf_token;
Headlines.toggleUnread(id, 0); Headlines.toggleUnread(id, 0);
} }