From: Hypolite Petovan
Date: Fri, 10 Sep 2021 16:05:43 +0000 (-0400)
Subject: Move unsecured GET endpoint handlers before security token check in Module\Contact
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=8b450be09bacada8e4ae96079065783bbdacdf5b;p=friendica.git
Move unsecured GET endpoint handlers before security token check in Module\Contact
---
diff --git a/src/Module/Contact.php b/src/Module/Contact.php
index bcdebf28d1..2b17deab40 100644
--- a/src/Module/Contact.php
+++ b/src/Module/Contact.php
@@ -365,6 +365,14 @@ class Contact extends BaseModule
 throw new NotFoundException(DI::l10n()->t('Contact not found'));
 }
+ if ($cmd === 'posts') {
+ return self::getPostsHTML($a, $contact_id);
+ }
+
+ if ($cmd === 'conversations') {
+ return self::getConversationsHMTL($a, $contact_id, $update);
+ }
+
 self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');
 $cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
@@ -440,12 +448,6 @@ class Contact extends BaseModule
 DI::baseUrl()->redirect('contact');
 // NOTREACHED
 }
- if ($cmd === 'posts') {
- return self::getPostsHTML($a, $contact_id);
- }
- if ($cmd === 'conversations') {
- return self::getConversationsHMTL($a, $contact_id, $update);
- }
 }
 $_SESSION['return_path'] = DI::args()->getQueryString();
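Review bot: The two early returns added ahead of `self::checkFormSecurityTokenRedirectOnError(...)` in the first hunk carry no comment saying why they are exempt from the form security token, so a state-changing command added in the same spot later could skip CSRF protection unnoticed. I would put `// Read-only GET views: no state change, so no form security token is needed. Anything that modifies data must stay below the token check.` above `if ($cmd === 'posts')`. The move also means `posts` and `conversations` now return before `Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user())` and whatever validation sits between the two hunks, which is not shown here. It is worth confirming that `getPostsHTML()` and `getConversationsHMTL()` do not rely on that code and enforce their own access control for `$contact_id`. The enclosing method starts and ends outside both hunks.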