monitoring: Restrict delete downtime and delete comment to HTTP POST

Eric Lippmann 2015-01-22 15:49:40 +01:00
parent 0f13c0428c
commit ba7818db5f
1 changed files with 2 additions and 12 deletions


@ -143,12 +143,7 @@ abstract class MonitoredObjectController extends Controller
*/ */
public function removeCommentAction() public function removeCommentAction()
{ {
/* $this->assertHttpMethod('POST');
* TODO(el): This is here because monitoring/list/comments has buttons to remove comments. Because of the nature
* of an action, the form is accessible via GET which does not make much sense because the form requires
* us to populate the ID of the comment which is to be deleted. We may introduce a combo box for choosing
* the comment ID on GET or deny GET access.
*/
$this->handleCommandForm(new DeleteCommentCommandForm()); $this->handleCommandForm(new DeleteCommentCommandForm());
} }
@ -157,12 +152,7 @@ abstract class MonitoredObjectController extends Controller
*/ */
public function deleteDowntimeAction() public function deleteDowntimeAction()
{ {
/* $this->assertHttpMethod('POST');
* TODO(el): This is here because monitoring/list/downtimes has buttons to remove comments. Because of the
* nature of an action, the form is accessible via GET which does not make much sense because the form requires
* us to populate the ID of the downtime which is to be deleted. We may introduce a combo box for choosing
* the downtime ID on GET or deny GET access.
*/
$this->handleCommandForm(new DeleteDowntimeCommandForm()); $this->handleCommandForm(new DeleteDowntimeCommandForm());
} }
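Review bot: The new `$this->assertHttpMethod('POST');` guard in removeCommentAction() and deleteDowntimeAction() stops deletes triggered by a plain link, prefetch or image tag, but a method check on its own is not CSRF protection, because a cross-site page can still submit a POST carrying the user's session. Nothing in these hunks shows whether DeleteCommentCommandForm and DeleteDowntimeCommandForm validate a CSRF token, or whether the caller's permission for the delete command is checked before handleCommandForm() runs, so both should be confirmed. With the TODO block gone, the reason for the restriction is no longer recorded; I would add `// State-changing action: reject GET so that following a link can never delete anything` above each assert and state the POST-only contract in the docblocks, which begin outside the hunks.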