From 5bd431b4075be5b47ca17bd8b323ec1af9a7034c Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Tue, 27 Sep 2016 19:09:40 +0200 Subject: Remove cli client CSRF whitelist Signed-off-by: Florian Pritz --- application/core/MY_Controller.php | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php index 68ee302a9..bf81afa14 100644 --- a/application/core/MY_Controller.php +++ b/application/core/MY_Controller.php @@ -70,23 +70,11 @@ class MY_Controller extends CI_Controller { "file/do_upload", "file/do_paste", ), - "cli_client" => array( - "file/do_delete", - "file/delete", - "file/do_multipaste", - "file/upload_history", - "user/create_apikey", - "file/get_max_size", - ), ); if (in_array($uri_start, $csrf_whitelisted_handlers["always"])) { $csrf_protection = false; } - if (is_api_client() && in_array($uri_start, $csrf_whitelisted_handlers["cli_client"])) { - $csrf_protection = false; - } - if ($csrf_protection && !$this->input->is_cli_request()) { // 2 functions for accessing config options, really? $this->config->set_item('csrf_protection', true); -- cgit v1.2.3-24-g4f1b