valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

require CSRF token for Article/redirect

This commit is contained in:
Andrew Dolgov 2020-09-15 15:35:50 +03:00
parent 7e50c6c4b5
commit e670ac2ee5
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
classes/article.php
View File

@ -2,7 +2,7 @@
class Article extends Handler_Protected {
function csrf_ignore($method) {
$csrf_ignored = array("redirect", "editarticletags");
$csrf_ignored = array("editarticletags");
return array_search($method, $csrf_ignored) !== false;
}

4
js/Article.js
View File

@ -133,9 +133,11 @@ const Article = {
openInNewWindow: function (id) {
const w = window.open("");
/* global __csrf_token */
if (w) {
w.opener = null;
w.location = "backend.php?op=article&method=redirect&id=" + id;
w.location = "backend.php?op=article&method=redirect&id=" + id + "&csrf_token=" + __csrf_token;
Headlines.toggleUnread(id, 0);
}