diff --git a/app/controllers/admin/statusgroups.php b/app/controllers/admin/statusgroups.php index 22970d692ac804418834a0e0aba0423794e5c43b..5851d4843cd644ab75569200f710547a582be1f2 100644 --- a/app/controllers/admin/statusgroups.php +++ b/app/controllers/admin/statusgroups.php @@ -242,7 +242,7 @@ class Admin_StatusgroupsController extends AuthenticatedController $this->check('edit'); $this->group = new Statusgruppen($group_id); if (Request::submitted('confirm')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); // move all subgroups to the parent $children = SimpleORMapCollection::createFromArray($this->group->children); @@ -268,7 +268,7 @@ class Admin_StatusgroupsController extends AuthenticatedController $this->check('edit'); $this->group = new Statusgruppen($group_id); if (Request::submitted('confirm')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $this->group->sortMembersAlphabetic(); $this->redirect('admin/statusgroups/index#group-' . $group_id); } diff --git a/app/controllers/blubber.php b/app/controllers/blubber.php index aedf9b64081e3ec3444a9e3101c6b225ed6242bb..15d160614071ca3143378e2cf3a270415a202c9d 100644 --- a/app/controllers/blubber.php +++ b/app/controllers/blubber.php @@ -149,17 +149,16 @@ class BlubberController extends AuthenticatedController public function delete_action($thread_id) { + CSRFProtection::verifyUnsafeRequest(); + $this->thread = BlubberThread::find($thread_id); if (!$this->thread->isWritable()) { throw new AccessDeniedException(); } - if (Request::isPost()) { - CSRFProtection::verifySecurityToken(); - $this->thread->delete(); - PageLayout::postSuccess(_('Der Blubber wurde gelöscht.')); - } + + $this->thread->delete(); + PageLayout::postSuccess(_('Der Blubber wurde gelöscht.')); $this->redirect('blubber/index'); - return; } public function write_to_action($user_id = null) 
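Review bot: In the blubber hunk, `BlubberThread::find($thread_id)` is dereferenced on the next line without a null check, so an unknown id reaches `$this->thread->isWritable()` (a method call on null if `find()` returns null, as SimpleORMap lookups do) before any access decision; the commit moves `verifyUnsafeRequest()` above it but leaves this in place. Guard it together with the access check: `if (!$this->thread || !$this->thread->isWritable()) { throw new AccessDeniedException(); }`. The removed `Request::isPost()` branch used to turn a GET into a silent redirect; with `verifyUnsafeRequest()` at the top a GET is rejected outright, which is the safer default, but any remaining GET link to `blubber/delete` now fails instead of no-oping. The hunk also leaves two consecutive blank lines after the access check, which the commit could tidy.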
diff --git a/app/controllers/calendar/calendar.php b/app/controllers/calendar/calendar.php index cc29e5524be6785317f60ac1678a722d5430701d..6923f8f8cd11d7af1be216ecec5b2d556272c126 100644 --- a/app/controllers/calendar/calendar.php +++ b/app/controllers/calendar/calendar.php @@ -812,7 +812,7 @@ class Calendar_CalendarController extends AuthenticatedController public function import_file_action() { if (Request::submitted('import')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $range_id = Context::getId() ?? User::findCurrent()->id; $calendar_import = new ICalendarImport($range_id); $calendar_import->convertPublicToPrivate(Request::bool('import_privat', false)); @@ -928,13 +928,13 @@ class Calendar_CalendarController extends AuthenticatedController { $this->short_id = null; if (Request::submitted('delete_id')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); IcalExport::deleteKey(User::findCurrent()->id); PageLayout::postSuccess(_('Die Adresse, unter der Ihre Termine abrufbar sind, wurde gelöscht')); } if (Request::submitted('new_id')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $this->short_id = IcalExport::setKey(User::findCurrent()->id); PageLayout::postSuccess(_('Eine Adresse, unter der Ihre Termine abrufbar sind, wurde erstellt.')); } else { diff --git a/app/controllers/course/basicdata.php b/app/controllers/course/basicdata.php index 329554f244fff448471ab1d146efb35fa96a552e..59130c4a358702fa697a13fd5d5de85347cf2fd7 100644 --- a/app/controllers/course/basicdata.php +++ b/app/controllers/course/basicdata.php 
@@ -421,10 +421,11 @@ class Course_BasicdataController extends AuthenticatedController $text = ''; } if ($newstatus !== '' && $text !== '') { - $widget->addLink($text, + $widget->addLink( + $text, $this->url_for('course/basicdata/switchdeputy', $this->course_id, $newstatus), Icon::create('persons') - ); + )->asButton(); } } if (Config::get()->ALLOW_DOZENT_DELETE || $GLOBALS['perm']->have_perm('admin')) { @@ -460,7 +461,7 @@ class Course_BasicdataController extends AuthenticatedController { global $perm; - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $course_number_format = Config::get()->COURSE_NUMBER_FORMAT; $sem = Seminar::getInstance($course_id); @@ -598,7 +599,7 @@ class Course_BasicdataController extends AuthenticatedController public function add_member_action($course_id, $status = 'dozent') { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); // load MultiPersonSearch object $mp = MultiPersonSearch::load("add_member_{$status}{$course_id}"); @@ -856,9 +857,9 @@ class Course_BasicdataController extends AuthenticatedController */ public function priorityupfor_action($course_id, $user_id, $status = "dozent") { - global $user, $perm; + global $perm; - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $sem = Seminar::getInstance($course_id); $this->msg = []; @@ -893,9 +894,9 @@ class Course_BasicdataController extends AuthenticatedController */ public function prioritydownfor_action($course_id, $user_id, $status = "dozent") { - global $user, $perm; + global $perm; - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $sem = Seminar::getInstance($course_id); $this->msg = []; @@ -923,7 +924,7 @@ class Course_BasicdataController extends AuthenticatedController public function switchdeputy_action($course_id, $newstatus) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); switch($newstatus) { case 'dozent': 
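Review bot: The `->asButton()` appended to the `$widget->addLink(...)` call in the first hunk makes the switchdeputy sidebar entry submit a form, which `switchdeputy_action` further down now demands through `verifyUnsafeRequest()`; whether the sidebar widget is rendered inside a `<form method="post">` that emits `CSRFProtection::tokenTag()` is not visible here, and without one the button would submit tokenless and be rejected. Worth confirming against the sidebar template before merging. As a style point, `priorityupfor_action` and `prioritydownfor_action` keep `$status = "dozent"` in double quotes while `add_member_action` in the same file uses `'dozent'`; `$status = 'dozent'` keeps the three consistent. The enclosing method of the first hunk starts before the hunk.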
diff --git a/app/controllers/course/grouping.php b/app/controllers/course/grouping.php index 3cef6731f95e921cc6db14c8a8f55f45664abf97..588872b348ad370768d7e0353d3e432cb24b4770 100644 --- a/app/controllers/course/grouping.php +++ b/app/controllers/course/grouping.php @@ -506,7 +506,7 @@ class Course_GroupingController extends AuthenticatedController */ public function add_members_action() { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $fail = []; // Iterate over selected courses... diff --git a/app/controllers/help_content.php b/app/controllers/help_content.php index 4162d85e2169e7efa08a0c6a3b98b12a3286f536..c2025f1512501ba80f1c35d6a0786ce1c2cd9db3 100644 --- a/app/controllers/help_content.php +++ b/app/controllers/help_content.php @@ -158,7 +158,7 @@ class HelpContentController extends AuthenticatedController */ public function store_action($id = '') { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $content_id = md5(uniqid('help_content', 1)); $create_new_content = false; @@ -244,14 +244,16 @@ class HelpContentController extends AuthenticatedController */ public function delete_action($id) { - CSRFProtection::verifySecurityToken(); PageLayout::setTitle(_('Hilfe-Text löschen')); $this->help_content = HelpContent::GetContentByID($id); if (is_object($this->help_content)) { if (Request::submitted('delete_help_content')) { - PageLayout::postMessage(MessageBox::success(sprintf(_('Der Hilfe-Text zur Route "%s" wurde gelöscht.'), htmlReady($this->help_content->route)))); + CSRFProtection::verifyUnsafeRequest(); + $this->help_content->delete(); + PageLayout::postSuccess(sprintf(_('Der Hilfe-Text zur Route "%s" wurde gelöscht.'), htmlReady($this->help_content->route))); + $this->response->add_header('X-Dialog-Close', 1); $this->render_nothing(); return; 
diff --git a/app/controllers/news.php b/app/controllers/news.php index f93501712ceb5ba5b84347b7db76efdc398d39f7..375f48b25205352f47756bd0c93839a7fbf87893 100644 --- a/app/controllers/news.php +++ b/app/controllers/news.php @@ -97,8 +97,8 @@ class NewsController extends StudipController } // Check if user wrote a comment - if (Request::submitted('accept') && trim(Request::get('comment_content')) && Request::isPost()) { - CSRFProtection::verifySecurityToken(); + if (Request::submitted('accept') && trim(Request::get('comment_content'))) { + CSRFProtection::verifyUnsafeRequest(); $news_id = Request::get('comsubmit'); $comment = StudipComment::create([ diff --git a/app/controllers/settings/privacy.php b/app/controllers/settings/privacy.php index e61e4be909160fd234c9746e8a975e8cb7130ad8..8d63ad8410883fcfc0d84bfcdda22d49edefb41d 100644 --- a/app/controllers/settings/privacy.php +++ b/app/controllers/settings/privacy.php @@ -64,7 +64,7 @@ class Settings_PrivacyController extends Settings_SettingsController */ public function global_action() { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $visibility = Request::option('global_visibility'); @@ -183,7 +183,7 @@ class Settings_PrivacyController extends Settings_SettingsController */ public function homepage_action() { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); // If no bulk action is performed set all visibilitysettings seperately if (!$this->bulk()) { diff --git a/app/controllers/shared/contacts.php b/app/controllers/shared/contacts.php index 0cce44f3612437e6c4ed5c68a634be20f9a91c55..997728a2d20f85eafae075ebabb2c8688e051bd3 100644 --- a/app/controllers/shared/contacts.php +++ b/app/controllers/shared/contacts.php 
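Review bot: In the news hunk, the changed `if` line still tests `trim(Request::get('comment_content'))` for truthiness, so a comment consisting only of `0` is silently dropped and a missing parameter passes `null` to `trim()`, which PHP 8.1 deprecates. Compare explicitly instead: `if (Request::submitted('accept') && trim((string) Request::get('comment_content')) !== '') {`. Dropping `Request::isPost()` is only correct because `verifyUnsafeRequest()` rejects a GET with an exception rather than ignoring it, which is a behaviour change for any GET that still carries `accept` and should be intended. The enclosing method starts before the hunk.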
@@ -485,7 +485,7 @@ class Shared_ContactsController extends MVVController $this->ext_contact = $ext_contact; if (Request::submitted('store_ansprechpartner')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); if (!$user_id) { if (Request::get('exansp_name')) { @@ -585,7 +585,7 @@ class Shared_ContactsController extends MVVController } public function store_ansprechpartner_action ($contact_range_id, $origin = 'index') { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $contact_range = MvvContactRange::find($contact_range_id); if (!$contact_range) { @@ -621,7 +621,7 @@ class Shared_ContactsController extends MVVController public function delete_range_action($contact_range_id) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $range = MvvContactRange::find($contact_range_id); $contact = $range->contact; diff --git a/app/controllers/tour.php b/app/controllers/tour.php index 5150c6c503d34c96408935fe0ea0a706491b69c7..46052b5ad8b55651c844b03a9ea276d73e1a56f6 100644 --- a/app/controllers/tour.php +++ b/app/controllers/tour.php @@ -211,7 +211,7 @@ class TourController extends AuthenticatedController } // delete tour if (Request::option('confirm_delete_tour')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $this->delete_tour(Request::option('tour_id')); } // load tours @@ -370,7 +370,7 @@ class TourController extends AuthenticatedController $this->tour = new HelpTour($tour_id); if (Request::submitted('yes')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $this->response->add_header('X-Action', 'complete'); $this->tour->delete(); } elseif (Request::submitted('no')) { 
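Review bot: `delete_range_action` dereferences `$range->contact` straight after `MvvContactRange::find($contact_range_id)` with no null guard, whereas `store_ansprechpartner_action` in the preceding hunk checks `if (!$contact_range)` for the same lookup; an unknown id therefore reaches a method call on null once the CSRF check has passed. Add the same guard before the dereference, `if (!$range) { ... }`, responding the way the `!$contact_range` branch does (that branch's body continues outside its hunk). The body of `delete_range_action` also runs past the hunk.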
@@ -401,7 +401,7 @@ class TourController extends AuthenticatedController } if (Request::submitted('yes')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $this->response->add_header('X-Action', 'complete'); $this->tour->deleteStep($step_nr); } elseif (Request::submitted('no')) { @@ -484,7 +484,7 @@ class TourController extends AuthenticatedController } // save step if ($mode === 'save') { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); if (Request::option('tour_step_editmode') == 'new') { $this->tour = new HelpTour($tour_id); if ($tour_id && $this->tour->isNew()) { @@ -696,7 +696,7 @@ class TourController extends AuthenticatedController } if (Request::submitted('save_tour_details')) { - CSRFProtection::verifySecurityToken(); + CSRFProtection::verifyUnsafeRequest(); $this->tour->name = trim(Request::get('tour_name')); $this->tour->description = trim(Request::get('tour_description')); if (Request::option('tour_language')) { diff --git a/app/views/admin/statusgroups/_group.php b/app/views/admin/statusgroups/_group.php index 9770d7be345d0228cbaa232a75b5792219911bc0..84ba55a6d9840c6bdd0575ba3b487c66d7009f37 100644 --- a/app/views/admin/statusgroups/_group.php +++ b/app/views/admin/statusgroups/_group.php 
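Review bot: In the `-484` hunk, `Request::option('tour_step_editmode') == 'new'` uses loose comparison directly after the new `verifyUnsafeRequest()` call; the strict form is the safer one, `if (Request::option('tour_step_editmode') === 'new') {`. In the `-696` hunk, `trim(Request::get('tour_name'))` and `trim(Request::get('tour_description'))` pass `null` to `trim()` when the field is absent, which PHP 8.1 deprecates; cast first, e.g. `trim((string) Request::get('tour_name'))`. Both enclosing methods start and end outside their hunks.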
@@ -9,56 +9,75 @@
 */
 ?>
 <a name="group-<?= $group->id ?>"></a>
-<table id="<?= $group->id ?>" class="default movable">
- <colgroup>
- <col width="1">
- <col width="1">
- <col width="10">
- <col>
- <col width="10%">
- </colgroup>
- <caption>
- <?= htmlReady($group->name) ?>
- <? if ($tutor): ?>
- <span class="actions">
- <? $menu = ActionMenu::get()->setContext($group->name) ?>
- <? $menu->addLink($controller->url_for("admin/statusgroups/editGroup/{$group->id}"),
- _('Gruppe bearbeiten'), Icon::create('edit'), ['data-dialog' => 'size=auto']) ?>
- <? $menu->addMultiPersonSearch(
- MultiPersonSearch::get("add_statusgroup" . $group->id)
- ->setLinkText(_('Personen hinzufügen'))
- ->setDefaultSelectedUser($group->members->pluck('user_id'))
- ->setExecuteURL($controller->url_for("admin/statusgroups/memberAdd/{$group->id}"))
- ->setSearchObject($searchType)
- ->addQuickfilter(_("aktuelle Einrichtung"), $membersOfInstitute)
- ->addQuickfilter(_('Nicht zugeordnet'), $not_assigned)
- ) ?>
- <? $menu->addLink($controller->url_for("admin/statusgroups/deleteGroup/{$group->id}"),
- _('Gruppe löschen'), Icon::create('trash'), ['data-dialog' => 'size=auto']) ?>
- <? $menu->addLink($controller->url_for("admin/statusgroups/sortAlphabetic/{$group->id}"),
- _('Gruppe alphabetisch sortieren'), Icon::create('arr_2down'), ['data-dialog' => 'size=auto']) ?>
- <? if ($group->children): ?>
- <? $menu->addLink($controller->link_for("admin/statusgroups/sortGroupsAlphabetical/{$group->id}"),
- _('Untergruppen alphabetisch sortieren'), Icon::create('filter2'),
- ['data-confirm' => _('Sollen die Untergruppen dieser Gruppe alphabetisch sortiert werden?')]) ?>
- <? endif ?>
- <?= $menu->render() ?>
- </span>
- <? endif; ?>
- </caption>
- <thead>
- <tr>
- <th colspan="4">
- <?= sprintf(ngettext('%u Mitglied', '%u Mitglieder', count($group->members)),
- count($group->members)) ?>
- </th>
- <th class="actions"></th>
- </tr>
- </thead>
- <tbody>
- <?= $this->render_partial('admin/statusgroups/_members.php', ['group' => $group]) ?>
- </tbody>
-</table>
+<form method="post">
+ <?= CSRFProtection::tokenTag() ?>
+ <table id="<?= $group->id ?>" class="default movable">
+ <colgroup>
+ <col width="1">
+ <col width="1">
+ <col width="10">
+ <col>
+ <col width="10%">
+ </colgroup>
+ <caption>
+ <?= htmlReady($group->name) ?>
+ <? if ($tutor): ?>
+ <span class="actions">
+ <? $menu = ActionMenu::get()->setContext($group->name) ?>
+ <? $menu->addLink($controller->url_for("admin/statusgroups/editGroup/{$group->id}"),
+ _('Gruppe bearbeiten'), Icon::create('edit'), ['data-dialog' => 'size=auto']) ?>
+ <? $menu->addMultiPersonSearch(
+ MultiPersonSearch::get("add_statusgroup" . $group->id)
+ ->setLinkText(_('Personen hinzufügen'))
+ ->setDefaultSelectedUser($group->members->pluck('user_id'))
+ ->setExecuteURL($controller->url_for("admin/statusgroups/memberAdd/{$group->id}"))
+ ->setSearchObject($searchType)
+ ->addQuickfilter(_("aktuelle Einrichtung"), $membersOfInstitute)
+ ->addQuickfilter(_('Nicht zugeordnet'), $not_assigned)
+ ) ?>
+ <? $menu->addButton(
+ 'delete',
+ _('Gruppe löschen'),
+ Icon::create('trash'),
+ [
+ 'data-dialog' => 'size=auto',
+ 'formaction' => $controller->url_for("admin/statusgroups/deleteGroup/{$group->id}"),
+
+ ]
+ ) ?>
+ <? $menu->addButton(
+ 'sort',
+ _('Gruppe alphabetisch sortieren'),
+ Icon::create('arr_2down'),
+ [
+ 'data-dialog' => 'size=auto',
+ 'formaction' => $controller->url_for("admin/statusgroups/sortAlphabetic/{$group->id}"),
+
+ ]
+ ) ?>
+ <? if ($group->children): ?>
+ <? $menu->addLink($controller->link_for("admin/statusgroups/sortGroupsAlphabetical/{$group->id}"),
+ _('Untergruppen alphabetisch sortieren'), Icon::create('filter2'),
+ ['data-confirm' => _('Sollen die Untergruppen dieser Gruppe alphabetisch sortiert werden?')]) ?>
+ <? endif ?>
+ <?= $menu->render() ?>
+ </span>
+ <? endif; ?>
+ </caption>
+ <thead>
+ <tr>
+ <th colspan="4">
+ <?= sprintf(ngettext('%u Mitglied', '%u Mitglieder', count($group->members)),
+ count($group->members)) ?>
+ </th>
+ <th class="actions"></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?= $this->render_partial('admin/statusgroups/_members.php', ['group' => $group]) ?>
+ </tbody>
+ </table>
+</form>
 
 <? if ($group->children): ?>
 <ul class='tree-seperator'>
diff --git a/app/views/course/basicdata/view.php b/app/views/course/basicdata/view.php
index 9438aeb7ca37d1f0178dcd6f8ed7d617d0854989..62c062010169a4f8e1f9e687039cbbd5f32f55d4 100644
--- a/app/views/course/basicdata/view.php
+++ b/app/views/course/basicdata/view.php
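Review bot: The new `<form method="post">` now wraps the entire group table, including the `_members.php` partial rendered in `<tbody>` and the `MultiPersonSearch` widget; if either of those emits its own `<form>`, the result is nested forms, which HTML parsers discard, so their buttons would submit to this form instead. Both should be checked before merging. The `sortGroupsAlphabetical` entry is still an `addLink()` with `data-confirm` inside the form and therefore stays a GET; if that controller action is also switched to `verifyUnsafeRequest()`, it needs the same `addButton(..., ['formaction' => ...])` treatment given to the delete and sort entries. Finally, both `addButton()` option arrays end with a stray blank line after the `'formaction'` entry that should be removed.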
@@ -132,14 +132,14 @@ $dialog_attr = Request::isXhr() ? ' data-dialog="size=50%"' : '';
 <td class="actions">
 <? if ($perm_dozent && !$dozent_is_locked): ?>
 <? if ($num > 0) : ?>
- <a href="<?= $controller->link_for('course/basicdata/priorityupfor', $course_id, $dozent['user_id'], 'dozent') ?>" <?= $dialog_attr ?>>
+ <button class="as-link" formaction="<?= $controller->link_for('course/basicdata/priorityupfor', $course_id, $dozent['user_id'], 'dozent') ?>" <?= $dialog_attr ?>>
 <?= Icon::create('arr_2up', Icon::ROLE_SORT)->asImg(['class' => 'middle']) ?>
- </a>
+ </button>
 <? endif; ?>
 <? if ($num < count($dozenten) - 1): ?>
- <a href="<?= $controller->link_for('course/basicdata/prioritydownfor', $course_id, $dozent['user_id'], 'dozent') ?>" <?= $dialog_attr ?>>
+ <button class="as-link" formaction="<?= $controller->link_for('course/basicdata/prioritydownfor', $course_id, $dozent['user_id'], 'dozent') ?>" <?= $dialog_attr ?>>
 <?= Icon::create('arr_2down', Icon::ROLE_SORT)->asImg(['class' => 'middle']) ?>
- </a>
+ </button>
 <? endif; ?>
 <?= Icon::create('trash')->asInput([
 'formaction' => $controller->url_for('course/basicdata/deletedozent', $course_id, $dozent['user_id']),
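Review bot: The new `<button class="as-link" formaction="...">` elements carry no `type`, so they default to submit, and they only POST with a token if an enclosing `<form method="post">` that emits `CSRFProtection::tokenTag()` exists; the `Icon::create('trash')->asInput(['formaction' => ...])` on the following lines suggests one does, but the form opening is outside the hunk and should be confirmed, because `priorityupfor_action` and `prioritydownfor_action` now reject a tokenless request. The same applies to the tutor block in the `-269` hunk. Stating the intent explicitly reads better: `<button type="submit" class="as-link" formaction="...">`.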
@@ -269,14 +269,14 @@ $dialog_attr = Request::isXhr() ? ' data-dialog="size=50%"' : '';
 <td class="actions">
 <? if ($perm_dozent && !$tutor_is_locked): ?>
 <? if ($num > 0) : ?>
- <a href="<?= $controller->link_for('course/basicdata/priorityupfor', $course_id, $tutor['user_id'], 'tutor') ?>" <?= $dialog_attr ?>>
+ <button class="as-link" formaction="<?= $controller->link_for('course/basicdata/priorityupfor', $course_id, $tutor['user_id'], 'tutor') ?>" <?= $dialog_attr ?>>
 <?= Icon::create('arr_2up', Icon::ROLE_SORT)->asImg(['class' => 'middle']) ?>
- </a>
+ </button>
 <? endif; ?>
 <? if ($num < count($tutoren) - 1) : ?>
- <a href="<?= $controller->link_for('course/basicdata/prioritydownfor', $course_id, $tutor['user_id'], 'tutor') ?>" <?= $dialog_attr ?>>
+ <button class="as-link" formaction="<?= $controller->link_for('course/basicdata/prioritydownfor', $course_id, $tutor['user_id'], 'tutor') ?>" <?= $dialog_attr ?>>
 <?= Icon::create('arr_2down', Icon::ROLE_SORT)->asImg(['class' => 'middle']) ?>
- </a>
+ </button>
 <? endif; ?>
 <?= Icon::create('trash')->asInput([
 'formaction' => $controller->url_for('course/basicdata/deletetutor', $course_id, $tutor['user_id']),
diff --git a/app/views/shared/contacts/details.php b/app/views/shared/contacts/details.php
index a4605ce915e4a2dda0b650ab41a9faa6712d2599..036035de13d003b4ee643426b8a2442f75e10c4b 100644
--- a/app/views/shared/contacts/details.php
+++ b/app/views/shared/contacts/details.php
@@ -60,13 +60,14 @@
 Icon::create('edit'),
 ['data-dialog' => 'size=auto']
 );
- $actions->addLink(
- $controller->url_for('shared/contacts/delete_range', $rel['contact_range_id']),
+ $actions->addButton(
+ 'delete_range',
 _('Ansprechpartner-Zuordnung löschen'),
 Icon::create('trash'),
 [
 'data-confirm' => _('Wollen Sie die Zuordnung des Ansprechpartners wirklich entfernen?'),
- 'data-dialog' => 'size=auto'
+ 'data-dialog' => 'size=auto',
+ 'formaction' => $controller->url_for('shared/contacts/delete_range', $rel['contact_range_id']),
 ]
 );
 echo $actions;
diff --git a/app/views/shared/contacts/range.php b/app/views/shared/contacts/range.php
index f58b286503b79e93140b39987a896b1da7b5d110..eeb06abc57bbb6a286d59805811eac4587d247ca 100644
--- a/app/views/shared/contacts/range.php
+++ b/app/views/shared/contacts/range.php
@@ -56,13 +56,14 @@
 );
 }
 if ($perm_contacts >= MvvPerm::PERM_CREATE) {
- $actions->addLink(
- $controller->url_for('shared/contacts/delete_range', $mvv_contact->id),
+ $actions->addButton(
+ 'delete_range',
 _('Ansprechpartner-Zuordnung löschen'),
 Icon::create('trash'),
 [
 'data-confirm' => _('Wollen Sie die Zuordnung des Ansprechpartners wirklich entfernen?'),
- 'data-dialog' => 'size=auto'
+ 'data-dialog' => 'size=auto',
+ 'formaction' => $controller->url_for('shared/contacts/delete_range', $mvv_contact->id),
 ]
 );
 }
diff --git a/lib/showNews.inc.php b/lib/showNews.inc.php
index 882e9d4d423be5c5616646c74c85a181a0dbd9a0..c3734d432d425d11b57e9c351c94b9f3450634ed 100644
--- a/lib/showNews.inc.php
+++ b/lib/showNews.inc.php
@@ -40,8 +40,8 @@ function delete_news($delete_news_array)
 if (!is_array($delete_news_array)) {
 $delete_news_array = [$delete_news_array];
 }
- if (Request::submitted('yes') && Request::isPost()) {
- CSRFProtection::verifySecurityToken();
+ if (Request::submitted('yes')) {
+ CSRFProtection::verifyUnsafeRequest();
 $confirmed = true;
 }
 $delete_news_titles = [];
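Review bot: The `addButton('delete_range', ...)` entries in both `details.php` and `range.php` point `formaction` at `delete_range`, which now enforces `verifyUnsafeRequest()`; the `$actions` menu must therefore be echoed inside a `<form method="post">` that carries `CSRFProtection::tokenTag()`, and neither hunk shows such a form. If the surrounding template still wraps `$actions` in a plain container, the button submits to the current page without a token and the deletion is rejected. Both enclosing blocks continue outside their hunks, so this needs a look at the full templates.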
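Review bot: In the `delete_news` hunk, `$confirmed` is only assigned inside the `if (Request::submitted('yes'))` branch on the changed lines, so unless it is initialised before line 40 a later read is an undefined-variable warning; initialise it with `$confirmed = false;` directly before the `if`. The same pattern appears in `remove_news` in the following hunk. Dropping `Request::isPost()` is correct because `verifyUnsafeRequest()` rejects a GET itself, but the failure mode changes from silently not confirming to throwing, which callers that relied on the quiet path should be checked for. Both functions continue past their hunks.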
@@ -116,8 +116,8 @@ function remove_news($remove_array)
 if (!is_array($remove_array)) {
 return '';
 }
- if (Request::submitted('yes') && Request::isPost()) {
- CSRFProtection::verifySecurityToken();
+ if (Request::submitted('yes')) {
+ CSRFProtection::verifyUnsafeRequest();
 $confirmed = true;
 }
 foreach ($remove_array as $news_id => $ranges) {