From d71100c6b757abb7cb73c607265712701606cd7a Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Fri, 24 Jan 2020 09:48:48 +0100
Subject: [PATCH] Perform CSRF checks

Signed-off-by: Roeland Jago Douma
---
 lib/Controller/ApiController.php | 5 -----
 lib/Controller/PageController.php | 10 ----------
 2 files changed, 15 deletions(-)

diff --git a/lib/Controller/ApiController.php b/lib/Controller/ApiController.php
index 5558918..f143257 100644
--- a/lib/Controller/ApiController.php
+++ b/lib/Controller/ApiController.php
@@ -200,7 +200,6 @@ class ApiController extends Controller {
 /**
  * Read all votes of a form based on the form id
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param Integer $formId
  * @return Array
  */
@@ -232,7 +231,6 @@ class ApiController extends Controller {
 /**
  * Read an entire form based on form id
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param Integer $formId
  * @return Array
  */
@@ -252,7 +250,6 @@ class ApiController extends Controller {
 /**
  * Read all shares (users and groups with access) of a form based on the form id
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param Integer $formId
  * @return Array
  */
@@ -310,7 +307,6 @@ class ApiController extends Controller {
 /**
  * Read an entire form based on the form id or hash
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param String $formIdOrHash form id or hash
  * @return Array
  */
@@ -365,7 +361,6 @@ class ApiController extends Controller {
 /**
  * Get all forms
  * @NoAdminRequired
- * @NoCSRFRequired
  * @return DataResponse
  */
 
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index dcb60f0..f2cfc61 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -155,7 +155,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  */
 public function createForm() {
 return new TemplateResponse('forms', 'forms.tmpl',
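Review bot: In the five ApiController docblocks (first at `@@ -200,7`, also the hunks at 232, 252, 310 and 365), CSRF enforcement is now expressed only by the absence of a comment annotation, and the diffstat shows no test file being touched. A later docblock edit that re-adds ` * @NoCSRFRequired` would switch the check off again without changing a line of code. Consider a controller test that reflects over the public methods of ApiController and fails if any docblock contains `@NoCSRFRequired`, so that an exemption has to be introduced deliberately. The method bodies and their callers are outside these hunks, so whether every frontend request already sends the request token cannot be confirmed from here.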
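Review bot: `createForm()` returns a `TemplateResponse`, and page-rendering actions are normally reached by plain browser navigation, which carries no request token; with ` * @NoCSRFRequired` removed such a request would presumably be rejected by the CSRF check instead of rendering the page. The same concern applies to `cloneForm()` and to the hunks at 173, 340 and 580, whose docblocks declare a `TemplateResponse` return. The routes file is not part of this patch, so confirm how these actions are reached. If they are GET page loads that change no state, keeping the annotation on them and removing it only from the data endpoints (the hunks at 416 to 488) gives the CSRF protection without breaking navigation; a one-line docblock remark on each retained exemption saying that the action only renders a page would record why it is safe.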
@@ -164,7 +163,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  */
 public function cloneForm() {
 return new TemplateResponse('forms', 'forms.tmpl',
@@ -173,7 +171,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param string $hash
  * @return TemplateResponse
  */
@@ -340,7 +337,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param int $formId
  * @return TemplateResponse|RedirectResponse
  */
@@ -359,7 +355,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @PublicPage
  * @param int $formId
  * @param string $userId
@@ -416,7 +411,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param string $searchTerm
  * @param string $groups
  * @param string $users
@@ -428,7 +422,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param string $searchTerm
  * @param string $groups
  * @return array
@@ -454,7 +447,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param string $searchTerm
  * @param string $users
  * @return array
@@ -488,7 +480,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param string $username
  * @return string
  */
@@ -580,7 +571,6 @@ class PageController extends Controller {
 
 /**
  * @NoAdminRequired
- * @NoCSRFRequired
  * @param int $id
  * @return TemplateResponse
  */
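Review bot: The action in the hunk at `@@ -359,7` stays `@PublicPage` and its docblock lists `@param string $userId`, so after this change the CSRF token is the only request-level check an unauthenticated caller has to pass. The method body is outside the hunk; if `$userId` is taken from the request rather than from the session, it should be checked against the form's share settings or the logged-in user before it is used. It would help to state in the docblock where `$userId` comes from and which callers are expected to reach this action.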