전체 post 요청에 대한 checkCSRF() 적용

xpressengine · Oct 16, 2015 · 3e34fd0 · 3e34fd0 · largeden · Oct 16, 2015
1 parent 87b07e8
commit 3e34fd0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
@@ -411,7 +411,7 @@ function procModule()
 		$logged_info = Context::get('logged_info');
 
 		// check CSRF for admin actions
-		if($kind === 'admin' && Context::getRequestMethod() === 'POST' && !checkCSRF()) {
+		if(Context::getRequestMethod() === 'POST' && !checkCSRF()) {
 			$this->error = 'msg_invalid_request';
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
 			$oMessageObject->setError(-1);