authorMichael Hamann <michael@content-space.de>2011-05-25 12:15:04 +0200
committerMichael Hamann <michael@content-space.de>2011-05-25 12:15:04 +0200
commitf7b6e27ea2558ddfc97547178408841c5d51c5b6 (patch)
tree415974b93772d3a61a6125ba73fd4a6548a2f49f /lib/exe
parent5db163967c4a81c7ff8f76c0d157663a00c71e5f (diff)
Remove the security token from the ajax draft/lock calls again
The security token here doesn't improve security, as the other requests that allow you to do the same thing aren't protected, and I don't see why locking or draft creation should be subject to XSRF attacks.
Diffstat (limited to 'lib/exe')
-rw-r--r--lib/exe/ajax.php2
1 files changed, 0 insertions, 2 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index b2463ed3f..1056a05f8 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -128,7 +128,6 @@ function ajax_lock(){
$ID = cleanID($_POST['id']);
if(empty($ID)) return;
- if (!checkSecurityToken()) return;
$INFO = pageinfo();
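Review bot: With the check removed, ajax_lock has no anti-CSRF control in the visible lines, and the code keeps no record that this is deliberate. The commit message's reasoning (equivalent requests are unprotected too) belongs next to the code, so a later audit does not read the gap as an oversight, for example `// no checkSecurityToken() here on purpose: the same action is reachable through other, unprotected requests`. If those other requests ever gain a token, this call needs one again. The same applies to ajax_draftdel in the next hunk; ajax_lock starts and ends outside this hunk.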
@@ -169,7 +168,6 @@ function ajax_lock(){
function ajax_draftdel(){
$id = cleanID($_REQUEST['id']);
if(empty($id)) return;
- if (!checkSecurityToken()) return;
$client = $_SERVER['REMOTE_USER'];
if(!$client) $client = clientIP(true);
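Review bot: ajax_draftdel still reads the page id from `$_REQUEST['id']`, so once the token check is gone the call is accepted over GET as well as POST, and nothing in the visible lines ties it to a request the user's own editor session issued. Judging by the function name the effect is a deleted draft, i.e. loss of unsaved edits, which is a state change worth protecting even if locking is considered harmless. Keeping `if (!checkSecurityToken()) return;` in this function is the stronger option; at minimum, reading `$_POST['id']` as ajax_lock does would keep the operation off GET. The rest of the function body is outside the hunk.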