| author | 2016-08-13 21:35:34 +0200 | |
|---|---|---|
| committer | 2016-08-13 21:35:34 +0200 | |
| commit | 0c4add69132ac69bba76091e4301b949e5428914 (patch) | |
| tree | 5cb10e0ee6f3a917d321679aec911bfd647a5bfb /app/FreshRSS.php | |
| parent | d9e14621b5a0de1c189486bbc8c18a7b007d6965 (diff) | |
| parent | cda414ff0f142d180c616eca1e08204e7c9c6ef9 (diff) | |
Merge conflicts
https://github.com/FreshRSS/FreshRSS/pull/1172
Diffstat (limited to 'app/FreshRSS.php')
| -rw-r--r-- | app/FreshRSS.php | 10 |
1 files changed, 1 insertions, 9 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index b1c01478f..6b36c87f4 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -57,7 +57,7 @@ class FreshRSS extends Minz_FrontController {
 private static function initAuth() {
 FreshRSS_Auth::init();
- if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
+ if (Minz_Request::isPost() && !(is_referer_from_same_domain() && FreshRSS_Auth::isCsrfOk())) {
 // Basic protection against XSRF attacks
 FreshRSS_Auth::removeAccess();
 $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
@@ -99,14 +99,6 @@ class FreshRSS extends Minz_FrontController {
 Minz_View::appendScript(Minz_Url::display('/scripts/jquery.sticky-kit.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.sticky-kit.min.js')));
 Minz_View::appendScript(Minz_Url::display('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js')));
 Minz_View::appendScript(Minz_Url::display('/scripts/main.js?' . @filemtime(PUBLIC_PATH . '/scripts/main.js')));
-
- if (FreshRSS_Context::$system_conf->auth_type === 'persona') {
- // TODO move it in a plugin
- // Needed for login AND logout with Persona.
- Minz_View::appendScript('https://login.persona.org/include.js');
- $file_mtime = @filemtime(PUBLIC_PATH . '/scripts/persona.js');
- Minz_View::appendScript(Minz_Url::display('/scripts/persona.js?' . $file_mtime));
- }
 }
 private static function loadNotifications() { |
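Review bot: The combined condition `!(is_referer_from_same_domain() && FreshRSS_Auth::isCsrfOk())` in the first hunk handles a failed token check and a failed Referer check identically, yet the branch that follows only collects `$_SERVER['HTTP_REFERER']`, so a POST rejected for a bad token with a same-domain Referer would presumably be reported as a Referer problem. Inside the branch, `$referer_ok = is_referer_from_same_domain();` would let the message say which check failed, which matters when triaging rejected requests. The existing comment is also out of date and could read `// XSRF protection: a POST needs a same-domain Referer and a valid CSRF token`. `isCsrfOk()` is defined outside this diff, so it is worth confirming that it rejects a missing or empty token and compares with `hash_equals()`. The body of `initAuth()` continues past the end of the hunk, and since the Referer is client-supplied it should be escaped before it is written to a log or page.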
