Ad Schellevis 2017-01-30 10:51:54 +01:00
parent 7f230df702
commit e574dcc663
2 changed files with 3 additions and 0 deletions


@ -171,6 +171,7 @@ class ApiControllerBase extends ControllerRoot
// handle UI ajax requests
// use session data and ACL to validate request.
if (!$this->doAuth()) {
$this->response->setStatusCode(401, "Unauthorized");
return false;
}
@ -185,6 +186,7 @@ class ApiControllerBase extends ControllerRoot
) {
// missing csrf, exit.
$this->getLogger()->error("no matching csrf found for request");
$this->response->setStatusCode(403, "Forbidden");
return false;
}
}
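Review bot: The doAuth() failure branch in the first hunk now answers 401, but unlike the csrf branch in the second hunk it writes nothing to the log, so a failed session/ACL check against the API leaves no trace for monitoring; add `$this->getLogger()->error("unauthorized api request");` before the setStatusCode call, mirroring the csrf branch. Note also that RFC 7235 expects a 401 to carry a WWW-Authenticate challenge; if doAuth() fails for a session that is present but lacks ACL rights, 403 is the more accurate code, so a short comment stating which case (no session vs. session without privilege) this branch covers would help the next reader. The same missing-log point applies to the ControllerBase csrf hunk in the second file, which only sets 403 and returns. The enclosing method starts and ends outside both hunks.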


@ -179,6 +179,7 @@ class ControllerBase extends ControllerRoot
// check for valid csrf on post requests
if ($this->request->isPost() && !$this->security->checkToken()) {
// post without csrf, exit.
$this->response->setStatusCode(403, "Forbidden");
return false;
}