| author | 2016-08-13 19:10:32 +0200 | |
|---|---|---|
| committer | 2016-08-13 19:10:32 +0200 | |
| commit | 56ffc115d15bf136bfced74707ccc1f41c7b5e44 (patch) | |
| tree | 6149b276b06d5d8fe295c020bed842f91c0bcd15 /app/Controllers/configureController.php | |
| parent | e6fd34bdda5d067a9e74714aaae10c89ed998a46 (diff) | |
Do not mix POST and GET params
Avoid returning CSRF POST token for a GET
Diffstat (limited to 'app/Controllers/configureController.php')
| -rwxr-xr-x | app/Controllers/configureController.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index d0f0bd68b..147a2fe06 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -139,7 +139,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 */
 public function sharingAction() {
 if (Minz_Request::isPost()) {
- $params = Minz_Request::params();
+ $params = Minz_Request::fetchGET();
 FreshRSS_Context::$user_conf->sharing = $params['share'];
 FreshRSS_Context::$user_conf->save();
 invalidateHttpCache();
@@ -282,7 +282,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 foreach (FreshRSS_Context::$user_conf->queries as $key => $query) {
 $queries[$key] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao);
 }
- $params = Minz_Request::params();
+ $params = Minz_Request::fetchGET();
 $params['url'] = Minz_Url::display(array('params' => $params));
 $params['name'] = _t('conf.query.number', count($queries) + 1);
 $queries[] = new FreshRSS_UserQuery($params, $feed_dao, $category_dao);
|
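Review bot: Inside the `if (Minz_Request::isPost())` branch of sharingAction, `$params['share']` is now taken from `Minz_Request::fetchGET()`, so a form that submits `share` in the POST body would no longer reach this assignment. If fetchGET() returns only query-string parameters, as the commit message implies, `$params['share']` is undefined here and a null value is written to `user_conf->sharing` and saved, which would wipe the stored sharing configuration. The branch should read the request body and check the key before saving, for example `$params = Minz_Request::fetchPOST();` (or `$_POST` if this Minz version has no POST-only accessor) followed by `if (isset($params['share'])) { FreshRSS_Context::$user_conf->sharing = $params['share']; }`. sharingAction's body continues outside the hunk.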
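Review bot: Every query-string key is copied into the saved query in the second hunk: `$params` from `fetchGET()` goes unfiltered into `Minz_Url::display(array('params' => $params))` and into `new FreshRSS_UserQuery($params, ...)`, so any extra parameter on the request URL becomes part of the stored URL. Consider reducing `$params` to the keys a user query is expected to carry before building the URL, e.g. `$params = array_intersect_key($params, array_flip($allowed_keys));` with `$allowed_keys` defined from what FreshRSS_UserQuery reads. A short comment would also help the next reader: `// GET only: keeps the POST body (including the CSRF token) out of the stored query URL`. The enclosing function starts and ends outside the hunk, so whether the save is guarded by a POST check cannot be confirmed from here.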
