Home Explore Help
Register Sign In
3erPartyFlowdat3
/
SonataAdminBundle
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Make sure the XmlHttpRequest header is checked

Thomas Rabaix 11 years ago
parent
7517db3d59
commit
cb66be169b
2 changed files with 5 additions and 1 deletions
Unified View Show Diff Stats
  1. 4 0
      Controller/HelperController.php
  2. 1 1
      Tests/Controller/HelperControllerTest.php

+ 4 - 0
Controller/HelperController.php
View File 

@@ -208,6 +208,10 @@ class HelperController
 
         $admin->setRequest($request);
 
         $admin->setRequest($request);
 
 
 
         // alter should be done by using a post method
 
         // alter should be done by using a post method
 
+        if (!$request->isXmlHttpRequest()) {
 
+            return new JsonResponse(array('status' => 'KO', 'message' => 'Expected a XmlHttpRequest request header'));
 
+        }
 
+
 
         if ($request->getMethod() != 'POST') {
 
         if ($request->getMethod() != 'POST') {
 
             return new JsonResponse(array('status' => 'KO', 'message' => 'Expected a POST Request'));
 
             return new JsonResponse(array('status' => 'KO', 'message' => 'Expected a POST Request'));
 
         }
 
         }

+ 1 - 1
Tests/Controller/HelperControllerTest.php
View File 

@@ -162,7 +162,7 @@ class HelperControllerTest extends \PHPUnit_Framework_TestCase
 
             'field'   => 'enabled',
 
             'field'   => 'enabled',
 
             'value'   => 1,
 
             'value'   => 1,
 
             'context' => 'list',
 
             'context' => 'list',
 
-        ), array(), array(), array(), array(), array('REQUEST_METHOD' => 'POST'));
 
+        ), array(), array(), array(), array(), array('REQUEST_METHOD' => 'POST', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'));
 
 
 
         $pool = new Pool($container, 'title', 'logo');
 
         $pool = new Pool($container, 'title', 'logo');