Non-authenticated AJAX actions are only supported in handlers, not hooks
slusarz authored and mrubinsk committed Nov 14, 2013
1 parent 1b8c968 commit e894825
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions framework/Core/lib/Horde/Core/Ajax/Application.php
@@ -82,11 +82,13 @@ public function __construct($app, Horde_Variables $vars, $action = null,

$ob = $this->_getHandler();

/* Non-authenticated actions MUST occur in a handler. */
if (!$ob && !$registry->currentProcessAuth()) {
throw new Horde_Exception('Accessing AJAX action without being authenticated.');
}

/* Check authentication/token. */
if ($ob && !$ob->external($action)) {
if (!$registry->currentProcessAuth()) {
throw new Horde_Exception('Accessing AJAX action without being authenticated.');
}
$session->checkToken($token);
}
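Review bot: `$session->checkToken($token)` is still reached only inside `if ($ob && !$ob->external($action))`, so an action with no handler object (`$ob` false, presumably one dispatched through an application hook) must now be authenticated but never has its request token verified in the visible lines. If such actions can change state, they rely on the session cookie alone, which is the cross-site request forgery case the token exists to cover. Unless the token is validated elsewhere in `__construct()`, which starts and continues outside this hunk, consider widening the guard to `if (!$ob || !$ob->external($action)) {` so both paths check it. The rendered page has lost its `+`/`-` markers, so it cannot be confirmed here whether the inner `currentProcessAuth()` check survives in the new version. If it does, the same exception message is thrown from two places, and a distinct message per path would make failed-access log entries easier to triage.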
