Move unsecured GET endpoint handlers before security token check in Module\Contact

This commit is contained in:
Hypolite Petovan 2021-09-10 12:05:43 -04:00
parent 75d3f5094b
commit 8b450be09b

View file

@ -365,6 +365,14 @@ class Contact extends BaseModule
throw new NotFoundException(DI::l10n()->t('Contact not found')); throw new NotFoundException(DI::l10n()->t('Contact not found'));
} }
if ($cmd === 'posts') {
return self::getPostsHTML($a, $contact_id);
}
if ($cmd === 'conversations') {
return self::getConversationsHMTL($a, $contact_id, $update);
}
self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't'); self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');
$cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user()); $cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
@ -440,12 +448,6 @@ class Contact extends BaseModule
DI::baseUrl()->redirect('contact'); DI::baseUrl()->redirect('contact');
// NOTREACHED // NOTREACHED
} }
if ($cmd === 'posts') {
return self::getPostsHTML($a, $contact_id);
}
if ($cmd === 'conversations') {
return self::getConversationsHMTL($a, $contact_id, $update);
}
} }
$_SESSION['return_path'] = DI::args()->getQueryString(); $_SESSION['return_path'] = DI::args()->getQueryString();