author | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-04-09 01:59:42 +0200 |
---|---|---|
committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-04-09 22:52:27 +0200 |
commit | 4637dcc4587ed0c3b1695568a3c8a3853d695c5d (patch) | |
tree | e1778a3ddbaa95568ab90c211d49925f4946d157 /api | |
parent | 6d365e8083ecf67212203fe86fd1e1bf2b4ac281 (diff) |
migrate security annotations, please review
Diffstat (limited to 'api')
-rw-r--r-- | api/feedapi.php | 42 | ||||
-rw-r--r-- | api/folderapi.php | 30 | ||||
-rw-r--r-- | api/itemapi.php | 66 | ||||
-rw-r--r-- | api/newsapi.php | 20 |
4 files changed, 53 insertions, 105 deletions
diff --git a/api/feedapi.php b/api/feedapi.php
index e77efef2e..0d9d158f1 100644
--- a/api/feedapi.php
+++ b/api/feedapi.php
@@ -59,10 +59,8 @@ class FeedAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function getAll() {
@@ -88,10 +86,8 @@ class FeedAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function create() {
@@ -125,10 +121,8 @@ class FeedAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function delete() {
@@ -146,10 +140,8 @@ class FeedAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function read() {
@@ -163,10 +155,8 @@ class FeedAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function move() {
@@ -185,10 +175,8 @@ class FeedAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function rename() {
@@ -207,8 +195,7 @@ class FeedAPI extends Controller {
 /**
- * @CSRFExemption
- * @Ajax
+ * @NoCSRFRequired
 * @API
 */
 public function getAllFromAllUsers() {
@@ -227,8 +214,7 @@ class FeedAPI extends Controller {
 /**
- * @CSRFExemption
- * @Ajax
+ * @NoCSRFRequired
 * @API
 */
 public function update() {
diff --git a/api/folderapi.php b/api/folderapi.php
index 67efa59ea..ba35462f5 100644
--- a/api/folderapi.php
+++ b/api/folderapi.php
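Review bot: The state-changing actions in api/feedapi.php (`create()`, `delete()`, `read()`, `move()`, `rename()`) are open to any logged-in user with the CSRF check switched off, and nothing in the docblocks says why that is safe. `@NoCSRFRequired` is only sound if these routes are never authenticated by a browser session cookie; where a cookie session is accepted, the token check is the only thing separating the user's own requests from cross-site ones. I would add a line to each docblock such as `* CSRF check disabled: clients send credentials with every request, no cookie session`, or drop the annotation where that does not hold. The same applies to the hunks in api/folderapi.php and api/itemapi.php. Whether the retained `@API` tag is still evaluated now that `@Ajax` is gone is not visible in this diff and is worth confirming.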
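Review bot: `getAllFromAllUsers()` and `update()` in api/feedapi.php end up with `@NoCSRFRequired` alone, so their admin restriction presumably rests on `@NoAdminRequired` being absent. That mirrors the old docblocks, which had no `@IsAdminExemption`, but the intent is invisible to the next editor, and copying a neighbouring docblock would open them to every user without any visible warning. I would state it in the docblock, e.g. `* Admin only: deliberately no @NoAdminRequired`, and do the same for `beforeUpdate()` and `afterUpdate()` in api/newsapi.php. These four are also where the missing CSRF check deserves the closest look, since they would run with an administrator's session if one is accepted.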
@@ -56,10 +56,8 @@ class FolderAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function getAll() {
@@ -77,10 +75,8 @@ class FolderAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function create() {
@@ -109,11 +105,9 @@ class FolderAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
- * @Ajax
 */
 public function delete() {
 $userId = $this->api->getUserId();
@@ -130,10 +124,8 @@ class FolderAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function update() {
@@ -161,10 +153,8 @@ class FolderAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function read() {
diff --git a/api/itemapi.php b/api/itemapi.php
index 821fdd382..c21b5817f 100644
--- a/api/itemapi.php
+++ b/api/itemapi.php
@@ -49,10 +49,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function getAll() {
@@ -91,10 +89,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function getUpdated() {
@@ -151,10 +147,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function read() {
@@ -163,10 +157,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function unread() {
@@ -175,10 +167,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function star() {
@@ -187,10 +177,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function unstar() {
@@ -199,10 +187,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function readAll() {
@@ -231,10 +217,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function readMultiple() {
@@ -243,10 +227,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function unreadMultiple() {
@@ -272,10 +254,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function starMultiple() {
@@ -284,10 +264,8 @@ class ItemAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function unstarMultiple() {
diff --git a/api/newsapi.php b/api/newsapi.php
index 322defead..151afedf3 100644
--- a/api/newsapi.php
+++ b/api/newsapi.php
@@ -47,10 +47,8 @@ class NewsAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
 * @API
 */
 public function version() {
@@ -61,8 +59,7 @@ class NewsAPI extends Controller {
 /**
- * @CSRFExemption
- * @Ajax
+ * @NoCSRFRequired
 * @API
 */
 public function beforeUpdate() {
@@ -72,8 +69,7 @@ class NewsAPI extends Controller {
 /**
- * @CSRFExemption
- * @Ajax
+ * @NoCSRFRequired
 * @API
 */
 public function afterUpdate() {
@@ -83,11 +79,9 @@ class NewsAPI extends Controller {
 /**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
- * @IsLoggedInExemption
- * @Ajax
+ * @NoAdminRequired
+ * @NoCSRFRequired
+ * @PublicPage
 */
 public function cors() {
 // needed for webapps access due to cross origin request policy |
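Review bot: `cors()` in the last hunk is now `@PublicPage` together with `@NoCSRFRequired`, so it is callable without a login and without a token, and it is the only method in this commit whose docblock carries no `@API` tag. Its body lies outside the hunk (only the first comment line is shown), so please confirm that the headers it sets do not pair an echoed `Origin` value with `Access-Control-Allow-Credentials: true`, because that would extend the cross-origin allowance to authenticated requests. `@NoAdminRequired` looks redundant beside `@PublicPage`; if the framework consults it only for logged-in requests it can be dropped. A docblock line such as `* Public on purpose: answers CORS preflight requests, which carry no credentials` would record why the login check is off.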