Merge pull request #183 from nextcloud/sec/keep_csrf_check
Perform CSRF checks
This commit is contained in:
commit
7c44a95282
|
@ -200,7 +200,6 @@ class ApiController extends Controller {
|
|||
/**
|
||||
* Read all votes of a form based on the form id
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param Integer $formId
|
||||
* @return Array
|
||||
*/
|
||||
|
@ -232,7 +231,6 @@ class ApiController extends Controller {
|
|||
/**
|
||||
* Read an entire form based on form id
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param Integer $formId
|
||||
* @return Array
|
||||
*/
|
||||
|
@ -252,7 +250,6 @@ class ApiController extends Controller {
|
|||
/**
|
||||
* Read all shares (users and groups with access) of a form based on the form id
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param Integer $formId
|
||||
* @return Array
|
||||
*/
|
||||
|
@ -310,7 +307,6 @@ class ApiController extends Controller {
|
|||
/**
|
||||
* Read an entire form based on the form id or hash
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param String $formIdOrHash form id or hash
|
||||
* @return Array
|
||||
*/
|
||||
|
@ -365,7 +361,6 @@ class ApiController extends Controller {
|
|||
/**
|
||||
* Get all forms
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @return DataResponse
|
||||
*/
|
||||
|
||||
|
|
|
@ -155,7 +155,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function createForm() {
|
||||
return new TemplateResponse('forms', 'forms.tmpl',
|
||||
|
@ -164,7 +163,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*/
|
||||
public function cloneForm() {
|
||||
return new TemplateResponse('forms', 'forms.tmpl',
|
||||
|
@ -173,7 +171,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param string $hash
|
||||
* @return TemplateResponse
|
||||
*/
|
||||
|
@ -340,7 +337,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param int $formId
|
||||
* @return TemplateResponse|RedirectResponse
|
||||
*/
|
||||
|
@ -359,7 +355,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @PublicPage
|
||||
* @param int $formId
|
||||
* @param string $userId
|
||||
|
@ -416,7 +411,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param string $searchTerm
|
||||
* @param string $groups
|
||||
* @param string $users
|
||||
|
@ -428,7 +422,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param string $searchTerm
|
||||
* @param string $groups
|
||||
* @return array
|
||||
|
@ -454,7 +447,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param string $searchTerm
|
||||
* @param string $users
|
||||
* @return array
|
||||
|
@ -488,7 +480,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param string $username
|
||||
* @return string
|
||||
*/
|
||||
|
@ -580,7 +571,6 @@ class PageController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
* @param int $id
|
||||
* @return TemplateResponse
|
||||
*/
|
||||
|
|
Loading…
Reference in a new issue