experimental CSRF protection

author: Andrew Dolgov <[email protected]> 2011-12-26 12:02:52 +0400
committer: Andrew Dolgov <[email protected]> 2011-12-26 12:02:52 +0400
commit: 8484ce22584b8714622833adcc7ebfe3ef9cf90e (patch)
tree: 057d7a64c3af60e2389d519ba19e476b5fbe6212 /classes/pref_feeds.php
parent: 036cd3a4106cf2eee0be72f0695458dfb517976b (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/classes/pref_feeds.php b/classes/pref_feeds.php
index 5df5eb939..b83abd789 100644
--- a/classes/pref_feeds.php
+++ b/classes/pref_feeds.php
@@ -1,5 +1,12 @@
 <?php
 class Pref_Feeds extends Protected_Handler {
+
+	function csrf_ignore($method) {
+		$csrf_ignored = array("index", "getfeedtree", "add", "editcats", "editfeed");
+
+		return array_search($method, $csrf_ignored) !== false;
+	}
+
 	function batch_edit_cbox($elem, $label = false) {
 		print "<input type=\"checkbox\" title=\"".__("Check to enable field")."\"
 			onchange=\"dijit.byId('feedEditDlg').toggleField(this, '$elem', '$label')\">";
author	Andrew Dolgov <[email protected]>	2011-12-26 12:02:52 +0400
committer	Andrew Dolgov <[email protected]>	2011-12-26 12:02:52 +0400
commit	8484ce22584b8714622833adcc7ebfe3ef9cf90e (patch)
tree	057d7a64c3af60e2389d519ba19e476b5fbe6212 /classes/pref_feeds.php
parent	036cd3a4106cf2eee0be72f0695458dfb517976b (diff)