Merge remote-tracking branch 'security/patch/3.1/ss-2015-029' into 3.1.19

This commit is contained in:
Daniel Hensby 2016-05-05 01:01:15 +01:00
commit 47c3165aa3
No known key found for this signature in database
GPG Key ID: E38EC566FE29EB66
2 changed files with 7 additions and 1 deletions

View File

@ -1046,6 +1046,9 @@ class LeftAndMain extends Controller implements PermissionProvider {
* @return SS_HTTPResponse JSON string with a
*/
public function savetreenode($request) {
if (!SecurityToken::inst()->checkRequest($request)) {
return $this->httpError(400);
}
if (!Permission::check('SITETREE_REORGANISE') && !Permission::check('ADMIN')) {
$this->response->setStatusCode(
403,

View File

@ -97,7 +97,10 @@
});
$.ajax({
'url': self.data('urlSavetreenode'),
'url': $.path.addSearchParams(
self.data('urlSavetreenode'),
self.data('extraParams')
),
'type': 'POST',
'data': {
ID: nodeID,