Merge pull request #183 from nextcloud/sec/keep_csrf_check

Perform CSRF checks
2020-01-24 11:15:08 +01:00 · 2020-01-24 11:15:08 +01:00 · 7c44a95282
parent 4282f84f6b d71100c6b7
commit 7c44a95282
2 changed files with 0 additions and 15 deletions
--- a/lib/Controller/ApiController.php
+++ b/lib/Controller/ApiController.php
@ -200,7 +200,6 @@ class ApiController extends Controller {
 	/**
 	 * Read all votes of a form based on the form id
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param Integer $formId
 	 * @return Array
 	 */
@ -232,7 +231,6 @@ class ApiController extends Controller {
 	/**
 	 * Read an entire form based on form id
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param Integer $formId
 	 * @return Array
 	 */
@ -252,7 +250,6 @@ class ApiController extends Controller {
 	/**
 	 * Read all shares (users and groups with access) of a form based on the form id
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param Integer $formId
 	 * @return Array
 	 */
@ -310,7 +307,6 @@ class ApiController extends Controller {
 	/**
 	 * Read an entire form based on the form id or hash
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param String $formIdOrHash form id or hash
 	 * @return Array
 	 */
@ -365,7 +361,6 @@ class ApiController extends Controller {
 	/**
 	 * Get all forms
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @return DataResponse
 	 */

--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@ -155,7 +155,6 @@ class PageController extends Controller {

 	/**
 	* @NoAdminRequired
-	* @NoCSRFRequired
 	*/
 	public function createForm() {
 		return new TemplateResponse('forms', 'forms.tmpl',
@ -164,7 +163,6 @@ class PageController extends Controller {

 	/**
 	* @NoAdminRequired
-	* @NoCSRFRequired
 	*/
 	public function cloneForm() {
 		return new TemplateResponse('forms', 'forms.tmpl',
@ -173,7 +171,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param string $hash
 	 * @return TemplateResponse
 	 */
@ -340,7 +337,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param int $formId
 	 * @return TemplateResponse|RedirectResponse
 	 */
@ -359,7 +355,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @PublicPage
 	 * @param int $formId
 	 * @param string $userId
@ -416,7 +411,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param string $searchTerm
 	 * @param string $groups
 	 * @param string $users
@ -428,7 +422,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param string $searchTerm
 	 * @param string $groups
 	 * @return array
@ -454,7 +447,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param string $searchTerm
 	 * @param string $users
 	 * @return array
@ -488,7 +480,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param string $username
 	 * @return string
 	 */
@ -580,7 +571,6 @@ class PageController extends Controller {

 	/**
 	 * @NoAdminRequired
-	 * @NoCSRFRequired
 	 * @param int $id
 	 * @return TemplateResponse
 	 */