Prevent CSRF bypass unblocking users

mmd-osm 2021-02-09 19:46:17 +01:00 committed by Tom Hughes
parent 7810734ac4
commit c49e400aa3
2 changed files with 9 additions and 2 deletions


@ -79,7 +79,7 @@ class UserBlocksController < ApplicationController
##
# revokes the block, setting the end_time to now
def revoke
if params[:confirm] && @user_block.revoke!(current_user)
if request.post? && params[:confirm] && @user_block.revoke!(current_user)
flash[:notice] = t ".flash"
redirect_to(@user_block)
end
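Review bot: The `request.post?` guard on the new condition line is the only thing that stops a GET from revoking a block, yet nothing next to it says why it is there, and the header comment above `revoke` still describes only the revocation. Rails' forgery protection does not verify the authenticity token on GET requests, so a later refactor that drops or reorders this check would quietly reopen the bypass; I would add `# Revoke only on POST: Rails does not verify the CSRF token on GET, so a GET must never change state.` directly above the `if`. In the lines shown, a POST where `params[:confirm]` is missing or `revoke!` returns false falls through with no flash, which may deserve an explicit error message. The body of `revoke` continues outside the hunk, so that fall-through behaviour is inferred rather than confirmed.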