diff options
author | Phie <phie@phie.ovh> | 2019-04-17 16:59:06 +0300 |
---|---|---|
committer | Phie <phie@phie.ovh> | 2019-04-17 16:59:06 +0300 |
commit | 86c14e2f57a6c3f647b857cf18795fcc746ac7fb (patch) | |
tree | c9030359b03153b6dbdef29d6dbb4d9afafcd888 /lib | |
parent | 282e0390e9f984374a5972cd5da7242c8e55aca9 (diff) |
removing some nocsrfrequired
Diffstat (limited to 'lib')
-rwxr-xr-x | lib/Controller/NoteController.php | 27 | ||||
-rw-r--r-- | lib/Hooks/FSHooks.php | 4 |
2 files changed, 3 insertions, 28 deletions
diff --git a/lib/Controller/NoteController.php b/lib/Controller/NoteController.php index 5f3587b..edc963c 100755 --- a/lib/Controller/NoteController.php +++ b/lib/Controller/NoteController.php @@ -53,7 +53,6 @@ * add it to any other method if you don't exactly know what it does * * @NoAdminRequired - * @NoCSRFRequired */ public function listDir() { $path = $_GET['path']; @@ -88,7 +87,6 @@ /* * @NoAdminRequired - * @NoCSRFRequired */ public function newFolder(){ $path = $_POST['path']; @@ -103,29 +101,6 @@ * add it to any other method if you don't exactly know what it does * * @NoAdminRequired - * @NoCSRFRequired - */ - public function index() { - $data = array(); - $note1 = array(); - $note2 = array(); - - $note1['path'] = $path; - array_push($data, $note1); - $note2['path'] = "path2".$this->CarnetFolder->getPath(); - array_push($data, $note2); - - return $data; - } - - /** - * CAUTION: the @Stuff turns off security checks; for this page no admin is - * required and no CSRF check. If you don't know what CSRF is, read - * it up in the docs or you might create a security hole. This is - * basically the only required method to add this exemption, don't - * add it to any other method if you don't exactly know what it does - * - * @NoAdminRequired */ public function getRecent() { @@ -154,7 +129,6 @@ /** * @NoAdminRequired - * @NoCSRFRequired */ public function getNotePath() { return substr($this->CarnetFolder->getInternalPath(),6); @@ -162,7 +136,6 @@ /** * @NoAdminRequired - * @NoCSRFRequired */ public function setNotePath() { if(!empty($_POST['path'])&& $this->rootFolder->getUserFolder($this->userId)->isValidPath($_POST['path'])){ diff --git a/lib/Hooks/FSHooks.php b/lib/Hooks/FSHooks.php index de8244c..3873dbc 100644 --- a/lib/Hooks/FSHooks.php +++ b/lib/Hooks/FSHooks.php @@ -42,8 +42,10 @@ class FSHooks { private function isMine($node){ if(substr($node->getName(), -3) === "sqd"){ // to avoid getting carnet's path each time a file is writen //we check if is in our path - + + if(substr($node->getPath(), 0, strlen($this->carnetFolder->getPath())) === $this->carnetFolder->getPath()){ + return true; } } |