MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: Remove form tampering for REST requests 

- makes MISP compatible with 2.10.x
- No point in running the security component's test since no form is submitted via REST anyway.
pull/1994/merge
iglocska 2018-05-08 18:50:27 +02:00
parent eb51a35472
commit 776084130f
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Controller/AppController.php
View File

@ -161,6 +161,9 @@ class AppController extends Controller {
}
$userLoggedIn = false;
if (Configure::read('Plugin.CustomAuth_enable')) $userLoggedIn = $this->__customAuthentication($_SERVER);
if ($this->_isRest()) {
$this->Security->validatePost = false;
}
if (!$userLoggedIn) {
// REST authentication
if ($this->_isRest() || $this->_isAutomation()) {