authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-29 19:52:52 +0200
committerGravatar GitHub <noreply@github.com> 2016-08-29 19:52:52 +0200
commit17c8c039df675b3b0f8d88d14f7316a240eabe76 (patch)
tree3dd3da3e8f21b5e82905f756098b86e0d15b3935 /app/FreshRSS.php
parent92d4ad32c9eb165dee6dc6d4b8cf510428dde9ec (diff)
parentaea7cd78367ef867cdac7082ac1e9f61c4de7e19 (diff)
Merge pull request #1233 from FreshRSS/dev1.5.0
Release 1.5.0
Diffstat (limited to 'app/FreshRSS.php')
-rw-r--r--app/FreshRSS.php10
1 files changed, 1 insertions, 9 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 4933892bc..f9c371d27 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -57,7 +57,7 @@ class FreshRSS extends Minz_FrontController {
private static function initAuth() {
FreshRSS_Auth::init();
- if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
+ if (Minz_Request::isPost() && !(is_referer_from_same_domain() && FreshRSS_Auth::isCsrfOk())) {
// Basic protection against XSRF attacks
FreshRSS_Auth::removeAccess();
$http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
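Review bot: The comment inside the rejection branch still reads "Basic protection against XSRF attacks", although the new condition now requires both a same-domain Referer and `FreshRSS_Auth::isCsrfOk()`, and the branch does not record which of the two failed. I would replace it with `// CSRF protection: a POST must have a same-domain Referer and a valid CSRF token, otherwise access is removed`, and include the failing check in whatever is logged with `$http_referer`, so that a stale token can be told apart from a cross-site request during triage. `isCsrfOk()` is defined outside this diff, so it is worth confirming that it rejects a missing or empty token and compares with `hash_equals()`. The body of `initAuth()` continues past the hunk, so how `$http_referer` (a client-supplied header) is used afterwards is not visible here; if it is written to a log it should be treated as untrusted text.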
@@ -98,14 +98,6 @@ class FreshRSS extends Minz_FrontController {
Minz_View::appendScript(Minz_Url::display('/scripts/jquery.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.min.js')));
Minz_View::appendScript(Minz_Url::display('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js')));
Minz_View::appendScript(Minz_Url::display('/scripts/main.js?' . @filemtime(PUBLIC_PATH . '/scripts/main.js')));
-
- if (FreshRSS_Context::$system_conf->auth_type === 'persona') {
- // TODO move it in a plugin
- // Needed for login AND logout with Persona.
- Minz_View::appendScript('https://login.persona.org/include.js');
- $file_mtime = @filemtime(PUBLIC_PATH . '/scripts/persona.js');
- Minz_View::appendScript(Minz_Url::display('/scripts/persona.js?' . $file_mtime));
- }
}
private static function loadNotifications() {