Merge remote-tracking branch 'security/patch/3.1/ss-2015-029' into 3.1.19

2024-10-02 14:18:46 +02:00 · 2016-05-05 01:01:15 +01:00 · 2016-05-05 01:01:15 +01:00 · 47c3165aa3
commit 47c3165aa3
parent 71a4f1e605 3c0f2e8e11
2 changed files with 7 additions and 1 deletions
--- a/admin/code/LeftAndMain.php
+++ b/admin/code/LeftAndMain.php
@ -1046,6 +1046,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
 	 * @return SS_HTTPResponse JSON string with a 
 	 */
 	public function savetreenode($request) {
 		if (!SecurityToken::inst()->checkRequest($request)) {
 			return $this->httpError(400);
 		}
 		if (!Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN')) {
 			$this->response->setStatusCode(
 				403,
--- a/admin/javascript/LeftAndMain.Tree.js
+++ b/admin/javascript/LeftAndMain.Tree.js
@ -97,7 +97,10 @@
 							});
 							$.ajax({
-								'url': self.data('urlSavetreenode'),
+								'url': $.path.addSearchParams(
 									self.data('urlSavetreenode'),
 									self.data('extraParams')
 								),
 								'type': 'POST',
 								'data': {
 									ID: nodeID,