Skip to content

Commit

Permalink
Add CSRF check
Browse files Browse the repository at this point in the history
  • Loading branch information
@asmecher
asmecher committed Oct 3, 2023
1 parent 8d6870b commit 86a5c7d
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions controllers/grid/CustomBlockGridHandler.inc.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,6 +199,8 @@ function updateCustomBlock($args, $request) {
* @return string Serialized JSON object
*/
function deleteCustomBlock($args, $request) {
if (!$request->checkCSRF()) return new JSONMessage(false);

$blockName = $request->getUserVar('blockName');
$context = $request->getContext();
$contextId = $context ? $context->getId() : 0;
Expand Down

0 comments on commit 86a5c7d

Please sign in to comment.