authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 21:35:34 +0200
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 21:35:34 +0200
commit0c4add69132ac69bba76091e4301b949e5428914 (patch)
tree5cb10e0ee6f3a917d321679aec911bfd647a5bfb /app/FreshRSS.php
parentd9e14621b5a0de1c189486bbc8c18a7b007d6965 (diff)
parentcda414ff0f142d180c616eca1e08204e7c9c6ef9 (diff)
Merge conflicts
https://github.com/FreshRSS/FreshRSS/pull/1172
Diffstat (limited to 'app/FreshRSS.php')
-rw-r--r--app/FreshRSS.php10
1 files changed, 1 insertions, 9 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index b1c01478f..6b36c87f4 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -57,7 +57,7 @@ class FreshRSS extends Minz_FrontController {
private static function initAuth() {
FreshRSS_Auth::init();
- if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
+ if (Minz_Request::isPost() && !(is_referer_from_same_domain() && FreshRSS_Auth::isCsrfOk())) {
// Basic protection against XSRF attacks
FreshRSS_Auth::removeAccess();
$http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
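Review bot: The failure branch still appears to treat a rejected POST as a Referer problem: the line after `FreshRSS_Auth::removeAccess();` only collects `$_SERVER['HTTP_REFERER']`, so now that `FreshRSS_Auth::isCsrfOk()` is part of the condition, a missing or stale token would probably be reported the same way as a cross-domain Referer. The rest of `initAuth()` lies outside the hunk, so this is inferred; if the message built there names only the referer, it should state which of the two checks failed so that token failures can be told apart in the logs. The comment would also be more accurate as `// XSRF protection: a POST needs a same-domain Referer and a valid CSRF token`. Because `&&` short-circuits, `isCsrfOk()` is not evaluated when the Referer check fails, which is fine only if that method has no side effects the caller relies on.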
@@ -99,14 +99,6 @@ class FreshRSS extends Minz_FrontController {
Minz_View::appendScript(Minz_Url::display('/scripts/jquery.sticky-kit.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.sticky-kit.min.js')));
Minz_View::appendScript(Minz_Url::display('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js')));
Minz_View::appendScript(Minz_Url::display('/scripts/main.js?' . @filemtime(PUBLIC_PATH . '/scripts/main.js')));
-
- if (FreshRSS_Context::$system_conf->auth_type === 'persona') {
- // TODO move it in a plugin
- // Needed for login AND logout with Persona.
- Minz_View::appendScript('https://login.persona.org/include.js');
- $file_mtime = @filemtime(PUBLIC_PATH . '/scripts/persona.js');
- Minz_View::appendScript(Minz_Url::display('/scripts/persona.js?' . $file_mtime));
- }
}
private static function loadNotifications() {