lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2026-01-23 13:22:08 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

User approval, disabling and challange e-mail re-send is an unsafe operation and should use POST.

Browse Source
This commit is contained in:
Lombiq
2015-01-26 20:21:12 +01:00
committed by Zoltán Lehóczky
parent e612fc031e
commit 8dae8f3d5b
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs
View File

@@ -289,6 +289,7 @@ namespace Orchard.Users.Controllers {
return RedirectToAction("Index");
}
[HttpPost]
public ActionResult SendChallengeEmail(int id) {
if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users")))
return new HttpUnauthorizedResult();
@@ -309,6 +310,7 @@ namespace Orchard.Users.Controllers {
return RedirectToAction("Index");
}
[HttpPost]
public ActionResult Approve(int id) {
if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users")))
return new HttpUnauthorizedResult();
@@ -324,6 +326,7 @@ namespace Orchard.Users.Controllers {
return RedirectToAction("Index");
}
[HttpPost]
public ActionResult Moderate(int id) {
if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users")))
return new HttpUnauthorizedResult();