mirror of https://github.com/MISP/MISP
fix: [templates controller] remove CSRF protection from the rearranging
- worst case an attacker messes with the order of a template's fields via CSRF, don't think anyone will ever care - removes the annoying blackholing for the drag and drop
pull/8902/merge
parent
6243e03e5e
commit
a94777231b
|
@ -18,7 +18,7 @@ class TemplatesController extends AppController
|
||||||
public function beforeFilter()
|
public function beforeFilter()
|
||||||
{ // TODO REMOVE
|
{ // TODO REMOVE
|
||||||
parent::beforeFilter();
|
parent::beforeFilter();
|
||||||
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile');
|
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile', 'saveElementSorting');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function index()
|
public function index()
|
||||||
|
@ -188,7 +188,7 @@ class TemplatesController extends AppController
|
||||||
$this->request->onlyAllow('ajax');
|
$this->request->onlyAllow('ajax');
|
||||||
$orderedElements = $this->request->data;
|
$orderedElements = $this->request->data;
|
||||||
foreach ($orderedElements as $key => $e) {
|
foreach ($orderedElements as $key => $e) {
|
||||||
$orderedElements[$key] = ltrim($e, 'id_');
|
$orderedElements[$key] = (int)ltrim($e, 'id_');
|
||||||
}
|
}
|
||||||
$extractedIds = array();
|
$extractedIds = array();
|
||||||
foreach ($orderedElements as $element) {
|
foreach ($orderedElements as $element) {
|
||||||
|
|
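Review bot: In `beforeFilter()`, adding `saveElementSorting` to `$this->Security->unlockedActions` leaves the risk decision recorded only in the commit message, so the line itself should carry it, e.g. `// saveElementSorting: Security component checks skipped on purpose (drag-and-drop reordering); worst case is a reordered template, the action must do its own permission check`. With the token check gone, the only request gate visible in the second hunk is `$this->request->onlyAllow('ajax')`, which as far as I know tests the `X-Requested-With` header rather than any secret, so the check that the caller may edit this template and that every submitted id belongs to it has to live in the part of the function outside the hunk; that is worth confirming before merge. On the cast line, `ltrim($e, 'id_')` treats `'id_'` as a character set rather than a prefix and assumes `$e` is a string, so a nested array in `$this->request->data` would reach `ltrim()` as a non-string; skipping non-scalar entries before the cast would make the loop predictable. The enclosing function of the second hunk (presumably `saveElementSorting`) starts and ends outside the hunk.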