Separate out GET and POST more explicitly

- No longer allow uploading directly via GET, that is terrible for
  security. Instead, use the GET parameters to pre-fill the upload form.
- PageRequestEvent has a `method` property that can be checked in
  extensions
This commit is contained in:
Shish
2024-01-01 02:32:13 +00:00
committed by Shish
parent 5356008985
commit 26bf4277e0
11 changed files with 109 additions and 119 deletions

View File

@@ -20,13 +20,12 @@ class LogConsole extends Extension
if (
$config->get_bool("log_console_access") &&
isset($_SERVER['REQUEST_METHOD']) &&
isset($_SERVER['REQUEST_URI'])
) {
$this->log(new LogEvent(
"access",
SCORE_LOG_INFO,
"{$_SERVER['REQUEST_METHOD']} {$_SERVER['REQUEST_URI']}"
"{$event->method} {$_SERVER['REQUEST_URI']}"
));
}