Skip to content

Commit

Permalink
Fixed issue #19142: [security] CSRF in Save Box Settings (#3516)
Browse files Browse the repository at this point in the history
Co-authored-by: Lapiu Dev <devgit@lapiu.biz>
  • Loading branch information
gabrieljenik and lapiudevgit committed Oct 9, 2023
1 parent a738d14 commit ffb66e3
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion application/controllers/HomepageSettingsController.php
Expand Up @@ -33,7 +33,7 @@ public function accessRules()
public function filters()
{
return [
'postOnly + resetAllBoxes', // Only allow resetAllBoxes via POST request
'postOnly + resetAllBoxes, updateBoxesSettings', // Only allow resetAllBoxes via POST request
];
}

Expand Down
3 changes: 2 additions & 1 deletion assets/scripts/admin/homepagesettings.js
Expand Up @@ -116,7 +116,8 @@ $(document).on('ready pjax:scriptcomplete', function(){
$errorMessage = $('#boxeserrormessage').data('ajaxerrormessage');
$.ajax({
url : $url+'/boxesbyrow/'+$iBoxesByRow+'/boxesoffset/'+$iBoxesOffset,
type : 'GET',
method: "POST",
data: "",
dataType : 'html',
// html contains the buttons
success : function(html, statut){
Expand Down

0 comments on commit ffb66e3

Please sign in to comment.