Separate out GET and POST more explicitly
- No longer allow uploading directly via GET, that is terrible for security. Instead, use the GET parameters to pre-fill the upload form. - PageRequestEvent has a `method` property that can be checked in extensions
This commit is contained in:
@@ -20,13 +20,12 @@ class LogConsole extends Extension
|
||||
|
||||
if (
|
||||
$config->get_bool("log_console_access") &&
|
||||
isset($_SERVER['REQUEST_METHOD']) &&
|
||||
isset($_SERVER['REQUEST_URI'])
|
||||
) {
|
||||
$this->log(new LogEvent(
|
||||
"access",
|
||||
SCORE_LOG_INFO,
|
||||
"{$_SERVER['REQUEST_METHOD']} {$_SERVER['REQUEST_URI']}"
|
||||
"{$event->method} {$_SERVER['REQUEST_URI']}"
|
||||
));
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user