mirror of https://github.com/MISP/MISP
fix: [templates controller] remove CSRF protection from the rearranging
- worst case an attacker messes with the order of a template's fields via CSRF, don't think anyone will ever care - removes the annoying blackholing for the drag and droppull/8902/merge
parent
6243e03e5e
commit
a94777231b
|
@ -18,7 +18,7 @@ class TemplatesController extends AppController
|
|||
public function beforeFilter()
|
||||
{ // TODO REMOVE
|
||||
parent::beforeFilter();
|
||||
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile');
|
||||
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile', 'saveElementSorting');
|
||||
}
|
||||
|
||||
public function index()
|
||||
|
@ -188,7 +188,7 @@ class TemplatesController extends AppController
|
|||
$this->request->onlyAllow('ajax');
|
||||
$orderedElements = $this->request->data;
|
||||
foreach ($orderedElements as $key => $e) {
|
||||
$orderedElements[$key] = ltrim($e, 'id_');
|
||||
$orderedElements[$key] = (int)ltrim($e, 'id_');
|
||||
}
|
||||
$extractedIds = array();
|
||||
foreach ($orderedElements as $element) {
|
||||
|
|
Loading…
Reference in New Issue