Move unsecured GET endpoint handlers before security token check in Module\Contact
This commit is contained in:
parent
75d3f5094b
commit
8b450be09b
1 changed files with 8 additions and 6 deletions
|
@ -365,6 +365,14 @@ class Contact extends BaseModule
|
||||||
throw new NotFoundException(DI::l10n()->t('Contact not found'));
|
throw new NotFoundException(DI::l10n()->t('Contact not found'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($cmd === 'posts') {
|
||||||
|
return self::getPostsHTML($a, $contact_id);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($cmd === 'conversations') {
|
||||||
|
return self::getConversationsHMTL($a, $contact_id, $update);
|
||||||
|
}
|
||||||
|
|
||||||
self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');
|
self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');
|
||||||
|
|
||||||
$cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
|
$cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
|
||||||
|
@ -440,12 +448,6 @@ class Contact extends BaseModule
|
||||||
DI::baseUrl()->redirect('contact');
|
DI::baseUrl()->redirect('contact');
|
||||||
// NOTREACHED
|
// NOTREACHED
|
||||||
}
|
}
|
||||||
if ($cmd === 'posts') {
|
|
||||||
return self::getPostsHTML($a, $contact_id);
|
|
||||||
}
|
|
||||||
if ($cmd === 'conversations') {
|
|
||||||
return self::getConversationsHMTL($a, $contact_id, $update);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$_SESSION['return_path'] = DI::args()->getQueryString();
|
$_SESSION['return_path'] = DI::args()->getQueryString();
|
||||||
|
|
Loading…
Reference in a new issue