From 56ffc115d15bf136bfced74707ccc1f41c7b5e44 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 13 Aug 2016 19:10:32 +0200
Subject: Do not mix POST and GET params

Avoid returning CSRF POST token for a GET
---
 app/Controllers/configureController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/Controllers/configureController.php')

diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index d0f0bd68b..147a2fe06 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -139,7 +139,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 	 */
 	public function sharingAction() {
 		if (Minz_Request::isPost()) {
-			$params = Minz_Request::params();
+			$params = Minz_Request::fetchGET();
 			FreshRSS_Context::$user_conf->sharing = $params['share'];
 			FreshRSS_Context::$user_conf->save();
 			invalidateHttpCache();
@@ -282,7 +282,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 		foreach (FreshRSS_Context::$user_conf->queries as $key => $query) {
 			$queries[$key] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao);
 		}
-		$params = Minz_Request::params();
+		$params = Minz_Request::fetchGET();
 		$params['url'] = Minz_Url::display(array('params' => $params));
 		$params['name'] = _t('conf.query.number', count($queries) + 1);
 		$queries[] = new FreshRSS_UserQuery($params, $feed_dao, $category_dao);
-- 
cgit v1.2.3