diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2016-08-13 19:10:32 +0200 |
|---|---|---|
| committer | Alexandre Alapetite <alexandre@alapetite.fr>
| 2016-08-13 19:10:32 +0200 |
| commit | 56ffc115d15bf136bfced74707ccc1f41c7b5e44 (patch) | |
| tree | 6149b276b06d5d8fe295c020bed842f91c0bcd15 /app/views/entry | |
| parent | e6fd34bdda5d067a9e74714aaae10c89ed998a46 (diff) | |
Do not mix POST and GET params
Avoid returning CSRF POST token for a GET
Diffstat (limited to 'app/views/entry')
| -rwxr-xr-x | app/views/entry/bookmark.phtml | 19 | ||||
| -rwxr-xr-x | app/views/entry/read.phtml | 19 |
2 files changed, 18 insertions, 20 deletions
diff --git a/app/views/entry/bookmark.phtml b/app/views/entry/bookmark.phtml index 6b5a4ed03..d85706669 100755 --- a/app/views/entry/bookmark.phtml +++ b/app/views/entry/bookmark.phtml @@ -1,17 +1,16 @@ <?php header('Content-Type: application/json; charset=UTF-8'); -if (Minz_Request::param('is_favorite', true)) { - Minz_Request::_param('is_favorite', 0); -} else { - Minz_Request::_param('is_favorite', 1); -} - -$url = Minz_Url::display(array( +$url = array( 'c' => Minz_Request::controllerName(), 'a' => Minz_Request::actionName(), - 'params' => Minz_Request::params(), -)); + 'params' => Minz_Request::fetchGET(), +); + +$url['params']['is_favorite'] = Minz_Request::param('is_favorite', true) ? '0' : '1'; FreshRSS::loadStylesAndScripts(); -echo json_encode(array('url' => str_ireplace('&', '&', $url), 'icon' => _i(Minz_Request::param('is_favorite') ? 'non-starred' : 'starred'))); +echo json_encode(array( + 'url' => str_ireplace('&', '&', Minz_Url::display($url)), + 'icon' => _i($url['params']['is_favorite'] === '1' ? 'non-starred' : 'starred') + )); diff --git a/app/views/entry/read.phtml b/app/views/entry/read.phtml index 7d0e3de82..73977d94b 100755 --- a/app/views/entry/read.phtml +++ b/app/views/entry/read.phtml @@ -1,17 +1,16 @@ <?php header('Content-Type: application/json; charset=UTF-8'); -if (Minz_Request::param('is_read', true)) { - Minz_Request::_param('is_read', 0); -} else { - Minz_Request::_param('is_read', 1); -} - -$url = Minz_Url::display(array( +$url = array( 'c' => Minz_Request::controllerName(), 'a' => Minz_Request::actionName(), - 'params' => Minz_Request::params(), -)); + 'params' => Minz_Request::fetchGET(), +); + +$url['params']['is_read'] = Minz_Request::param('is_read', true) ? '0' : '1'; FreshRSS::loadStylesAndScripts(); -echo json_encode(array('url' => str_ireplace('&', '&', $url), 'icon' => _i(Minz_Request::param('is_read') ? 'unread' : 'read'))); +echo json_encode(array( + 'url' => str_ireplace('&', '&', Minz_Url::display($url)), + 'icon' => _i($url['params']['is_read'] === '1' ? 'unread' : 'read') + )); |