Exemplos de opWebRequest::checkCSRFProtection em PHP

Exemplo n.º 1

Arquivo: opConfirmationAction.class.php Projeto: te-koyama/openpne

 public function executeDecision(opWebRequest $request)
 {
     $request->checkCSRFProtection();
     $this->checkCategory();
     $params = array('category' => $this->category, 'id' => $request->getParameter('id'), 'is_accepted' => $request->hasParameter('accept'), 'member' => $this->getUser()->getMember());
     $event = new sfEvent($this, 'op_confirmation.decision', $params);
     $this->dispatcher->notifyUntil($event);
     if ($event->isProcessed()) {
         $message = (string) $event->getReturnValue();
         $this->getUser()->setFlash('notice', $message);
     }
     $this->redirect('@confirmation_list?category=' . $this->category);
 }

Exemplo n.º 2

Arquivo: opCommunityAction.class.php Projeto: te-koyama/openpne

 /**
  * Executes dropMember action
  *
  * @param sfRequest $request A request object
  */
 public function executeDropMember(opWebRequest $request)
 {
     $this->redirectUnless($this->isAdmin || $this->isSubAdmin, '@error');
     $member = Doctrine::getTable('Member')->find($request->getParameter('member_id'));
     $this->forward404Unless($member);
     $isCommunityMember = Doctrine::getTable('CommunityMember')->isMember($member->getId(), $this->id);
     $this->redirectUnless($isCommunityMember, '@error');
     $isAdmin = Doctrine::getTable('CommunityMember')->isAdmin($member->getId(), $this->id);
     $isSubAdmin = Doctrine::getTable('CommunityMember')->isSubAdmin($member->getId(), $this->id);
     $this->redirectIf($isAdmin || $isSubAdmin, '@error');
     if ($request->isMethod(sfWebRequest::POST)) {
         $request->checkCSRFProtection();
         Doctrine::getTable('CommunityMember')->quit($member->getId(), $this->id);
         $this->redirect('@community_memberManage?id=' . $this->id);
     }
     $this->member = $member;
     $this->community = Doctrine::getTable('Community')->find($this->id);
     return sfView::INPUT;
 }

Exemplo n.º 3

Arquivo: opMemberAction.class.php Projeto: nishizoe/OpenPNE3

 public function executeDeleteActivity(opWebRequest $request)
 {
     $this->forward404Unless($request->hasParameter('id'));
     $this->activity = Doctrine::getTable('ActivityData')->find($this->id);
     $this->forward404Unless($this->activity instanceof ActivityData);
     $this->forward404Unless($this->activity->getMemberId() == $this->getUser()->getMemberId());
     if ($request->isMethod(sfWebRequest::POST)) {
         $request->checkCSRFProtection();
         $this->activity->delete();
         $this->getUser()->setFlash('notice', 'An %activity% was deleted.');
         $this->redirect('friend/showActivity');
     }
     return sfView::INPUT;
 }

Exemplo n.º 4

Arquivo: actions.class.php Projeto: te-koyama/openpne

 /**
  * Executes configJsonApi action
  *
  * @param sfRequest $request A request object
  */
 public function executeConfigJsonApi(opWebRequest $request)
 {
     $this->forward404Unless(opConfig::get('enable_jsonapi'));
     $member = $this->getUser()->getMember();
     if (isset($request['reset_api_key']) && '1' === $request['reset_api_key']) {
         $request->checkCSRFProtection();
         $member->generateApiKey();
     }
     $this->apiKey = $member->getApiKey();
     return sfView::SUCCESS;
 }

Exemplo n.º 5

Arquivo: actions.class.php Projeto: te-koyama/openpne

 /**
  * Executes deleteImage action
  *
  * @param opWebRequest $request a request object
  */
 public function executeDeleteImage(opWebRequest $request)
 {
     $this->forward404Unless($this->id && $this->isEditCommunity);
     $this->community = Doctrine::getTable('Community')->find($this->id);
     $this->forward404Unless($this->community->getImageFileName());
     $this->form = new sfForm();
     if ($request->isMethod(sfWebRequest::POST)) {
         $request->checkCSRFProtection();
         $this->community->getFile()->delete();
         $this->redirect('community/configImage?id=' . $this->id);
     }
 }

Exemplo n.º 6

Arquivo: opFriendAction.class.php Projeto: te-koyama/openpne

 /**
  * Executes unlink action
  *
  * @param sfRequest $request A request object
  */
 public function executeUnlink(opWebRequest $request)
 {
     $this->redirectToHomeIfIdIsNotValid();
     if (!$this->relation->isFriend()) {
         $this->getUser()->setFlash('error', 'This member is not your %friend%.');
         $this->redirect('friend/manage');
     }
     if ($request->isMethod(sfWebRequest::POST)) {
         $request->checkCSRFProtection();
         $this->relation->removeFriend();
         $this->redirect('friend/manage');
     }
     $this->member = Doctrine::getTable('Member')->find($this->id);
     return sfView::INPUT;
 }

Exemplo n.º 7

Arquivo: actions.class.php Projeto: te-koyama/openpne

 public function executeDeleteImage(opWebRequest $request)
 {
     $this->image = Doctrine::getTable('MemberImage')->find($request->getParameter('member_image_id'));
     $this->forward404Unless($this->image);
     $this->forward404Unless($this->image->getMemberId() == $this->getUser()->getMemberId());
     $this->form = new sfForm();
     if ($request->isMethod(sfWebRequest::POST)) {
         $request->checkCSRFProtection();
         $this->image->delete();
         $this->redirect('member/configImage');
     }
 }