lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-06-28 15:34:39 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Applying security fix

Browse Source 
http://docs.orchardproject.net/Documentation/Patch-20150519
This commit is contained in:
Sebastien Ros 2015-06-30 11:24:58 -07:00
parent d6748006a6
commit faa551cd0b
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs
View File

@ -287,6 +287,7 @@ namespace Orchard.Users.Controllers {
return RedirectToAction("Index");
}
[HttpPost]
public ActionResult SendChallengeEmail(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users")))
return new HttpUnauthorizedResult();
@ -302,7 +303,9 @@ namespace Orchard.Users.Controllers {
return RedirectToAction("Index");
}
public ActionResult Approve(int id) {
[HttpPost]
public ActionResult Approve(int id)
{
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users")))
return new HttpUnauthorizedResult();
@ -316,7 +319,9 @@ namespace Orchard.Users.Controllers {
return RedirectToAction("Index");
}
public ActionResult Moderate(int id) {
[HttpPost]
public ActionResult Moderate(int id)
{
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users")))
return new HttpUnauthorizedResult();

6
src/Orchard.Web/Modules/Orchard.Users/Views/Admin/Index.cshtml
View File

@ -71,12 +71,12 @@
@Html.ActionLink(T("Edit").ToString(), "Edit", new { entry.User.Id }) |
@Html.ActionLink(T("Delete").ToString(), "Delete", new { entry.User.Id}, new { itemprop = "RemoveUrl UnsafeUrl" }) |
@if (entry.User.RegistrationStatus == UserStatus.Pending) {
@Html.ActionLink(T("Approve").ToString(), "Approve", new { entry.User.Id })
@Html.ActionLink(T("Approve").ToString(), "Approve", new { entry.User.Id }, new { itemprop = "UnsafeUrl" })
} else {
@Html.ActionLink(T("Disable").ToString(), "Moderate", new { entry.User.Id })
@Html.ActionLink(T("Disable").ToString(), "Moderate", new { entry.User.Id }, new { itemprop = "UnsafeUrl" })
}
@if (entry.User.EmailStatus == UserStatus.Pending) { <text>|</text>
@Html.ActionLink(T("Send challenge E-mail").ToString(), "SendChallengeEmail", new { entry.User.Id })
@Html.ActionLink(T("Send challenge E-mail").ToString(), "SendChallengeEmail", new { entry.User.Id }, new { itemprop = "UnsafeUrl" })
}
</td>
</tr>