authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 19:10:32 +0200
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 19:10:32 +0200
commit56ffc115d15bf136bfced74707ccc1f41c7b5e44 (patch)
tree6149b276b06d5d8fe295c020bed842f91c0bcd15 /app/views
parente6fd34bdda5d067a9e74714aaae10c89ed998a46 (diff)
Do not mix POST and GET params
Avoid returning the CSRF POST token for a GET request
Diffstat (limited to 'app/views')
-rwxr-xr-xapp/views/entry/bookmark.phtml19
-rwxr-xr-xapp/views/entry/read.phtml19
-rwxr-xr-xapp/views/helpers/logs_pagination.phtml2
-rw-r--r--app/views/index/global.phtml2
4 files changed, 20 insertions, 22 deletions
diff --git a/app/views/entry/bookmark.phtml b/app/views/entry/bookmark.phtml
index 6b5a4ed03..d85706669 100755
--- a/app/views/entry/bookmark.phtml
+++ b/app/views/entry/bookmark.phtml
@@ -1,17 +1,16 @@
<?php
header('Content-Type: application/json; charset=UTF-8');
-if (Minz_Request::param('is_favorite', true)) {
- Minz_Request::_param('is_favorite', 0);
-} else {
- Minz_Request::_param('is_favorite', 1);
-}
-
-$url = Minz_Url::display(array(
+$url = array(
'c' => Minz_Request::controllerName(),
'a' => Minz_Request::actionName(),
- 'params' => Minz_Request::params(),
-));
+ 'params' => Minz_Request::fetchGET(),
+);
+
+$url['params']['is_favorite'] = Minz_Request::param('is_favorite', true) ? '0' : '1';
FreshRSS::loadStylesAndScripts();
-echo json_encode(array('url' => str_ireplace('&amp;', '&', $url), 'icon' => _i(Minz_Request::param('is_favorite') ? 'non-starred' : 'starred')));
+echo json_encode(array(
+ 'url' => str_ireplace('&amp;', '&', Minz_Url::display($url)),
+ 'icon' => _i($url['params']['is_favorite'] === '1' ? 'non-starred' : 'starred')
+ ));
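Review bot: The toggle on the `$url['params']['is_favorite'] = ...` line still takes its current state from `Minz_Request::param('is_favorite', true)` rather than from the GET array the hunk has just collected into `$url['params']`, so if `param()` reads the merged request parameters a POST field can still decide the direction of the toggle while the emitted URL carries only GET values — the very mixing the commit title sets out to remove. Reading the flag from the collected array keeps the two consistent: `$current = isset($url['params']['is_favorite']) ? $url['params']['is_favorite'] : true;` followed by `$url['params']['is_favorite'] = $current ? '0' : '1';`. The default of `true` means a request without the flag is treated as already starred and yields `'0'`, which deserves a comment such as `// absent flag is treated as starred, so the returned link un-stars`. The same applies to the `is_read` toggle in the read.phtml hunk below.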
diff --git a/app/views/entry/read.phtml b/app/views/entry/read.phtml
index 7d0e3de82..73977d94b 100755
--- a/app/views/entry/read.phtml
+++ b/app/views/entry/read.phtml
@@ -1,17 +1,16 @@
<?php
header('Content-Type: application/json; charset=UTF-8');
-if (Minz_Request::param('is_read', true)) {
- Minz_Request::_param('is_read', 0);
-} else {
- Minz_Request::_param('is_read', 1);
-}
-
-$url = Minz_Url::display(array(
+$url = array(
'c' => Minz_Request::controllerName(),
'a' => Minz_Request::actionName(),
- 'params' => Minz_Request::params(),
-));
+ 'params' => Minz_Request::fetchGET(),
+);
+
+$url['params']['is_read'] = Minz_Request::param('is_read', true) ? '0' : '1';
FreshRSS::loadStylesAndScripts();
-echo json_encode(array('url' => str_ireplace('&amp;', '&', $url), 'icon' => _i(Minz_Request::param('is_read') ? 'unread' : 'read')));
+echo json_encode(array(
+ 'url' => str_ireplace('&amp;', '&', Minz_Url::display($url)),
+ 'icon' => _i($url['params']['is_read'] === '1' ? 'unread' : 'read')
+ ));
diff --git a/app/views/helpers/logs_pagination.phtml b/app/views/helpers/logs_pagination.phtml
index 58b3c68f4..bf9d91f04 100755
--- a/app/views/helpers/logs_pagination.phtml
+++ b/app/views/helpers/logs_pagination.phtml
@@ -1,7 +1,7 @@
<?php
$c = Minz_Request::controllerName();
$a = Minz_Request::actionName();
- $params = Minz_Request::params();
+ $params = Minz_Request::fetchGET();
?>
<?php if ($this->nbPage > 1) { ?>
diff --git a/app/views/index/global.phtml b/app/views/index/global.phtml
index 0ffa3bc54..1e53e4f8c 100644
--- a/app/views/index/global.phtml
+++ b/app/views/index/global.phtml
@@ -14,7 +14,7 @@
$url_base = array(
'c' => 'index',
'a' => 'normal',
- 'params' => Minz_Request::params()
+ 'params' => Minz_Request::fetchGET(),
);
foreach ($this->categories as $cat) {