openrat-cms

OpenRat Content Management System
git clone http://git.code.weiherhei.de/openrat-cms.git
Log | Files | Refs | README

commit b6b110c2e8f3d9b07229efbd8940c2deb45b1da9
parent 744c5f4bdb1dd9060a07ecb60d5f83ba6b2720bd
Author: Jan Dankert <develop@jandankert.de>
Date:   Mon, 26 Oct 2020 16:56:47 +0100

POST requests should never be send to the UI. The API should be used for POST requests.

Diffstat:
Mmodules/cms/ui/UI.class.php | 3+++
1 file changed, 3 insertions(+), 0 deletions(-)

diff --git a/modules/cms/ui/UI.class.php b/modules/cms/ui/UI.class.php @@ -47,6 +47,9 @@ class UI $request->method = 'show'; } + if ( $request->isAction ) + throw new \RuntimeException('The UI does not accept POST requests'); + if ( in_array( $request->action,['index','tree','title']) ) $request->isUIAction = true;