AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing CSRF checks

Browse Source
This commit is contained in:
Frédéric Guillot
2021-06-05 14:33:19 -07:00
committed by fguillot
parent 41102ec161
commit 71123b0f37
23 changed files with 58 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/WebNotificationController.php
View File

@@ -34,6 +34,7 @@ class WebNotificationController extends BaseController
*/
public function flush()
{
$this->checkReusableGETCSRFParam();
$userId = $this->getUserId();
$this->userUnreadNotificationModel->markAllAsRead($userId);
$this->show();
@@ -46,6 +47,7 @@ class WebNotificationController extends BaseController
*/
public function remove()
{
$this->checkReusableGETCSRFParam();
$user_id = $this->getUserId();
$notification_id = $this->request->getIntegerParam('notification_id');
$this->userUnreadNotificationModel->markAsRead($user_id, $notification_id);