authorBernhard Posselt <dev@bernhard-posselt.com>2014-04-09 01:59:42 +0200
committerBernhard Posselt <dev@bernhard-posselt.com>2014-04-09 22:52:27 +0200
commit4637dcc4587ed0c3b1695568a3c8a3853d695c5d (patch)
treee1778a3ddbaa95568ab90c211d49925f4946d157 /controller
parent6d365e8083ecf67212203fe86fd1e1bf2b4ac281 (diff)
migrate security annotations, please review
Diffstat (limited to 'controller')
-rw-r--r--controller/exportcontroller.php10
-rw-r--r--controller/feedcontroller.php40
-rw-r--r--controller/foldercontroller.php32
-rw-r--r--controller/itemcontroller.php28
-rw-r--r--controller/pagecontroller.php5
-rw-r--r--controller/usersettingscontroller.php24
6 files changed, 37 insertions, 102 deletions
diff --git a/controller/exportcontroller.php b/controller/exportcontroller.php
index e16a5b513..33cb05204 100644
--- a/controller/exportcontroller.php
+++ b/controller/exportcontroller.php
@@ -61,9 +61,8 @@ class ExportController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
+ * @NoAdminRequired
+ * @NoCSRFRequired
*/
public function opml(){
$userId = $this->api->getUserId();
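Review bot: `opml()` keeps its CSRF check switched off through `@NoCSRFRequired`, and the docblock still holds only the annotations, so nothing records why the exemption is safe. I would add a description line above the annotations such as `* Read-only export reached by a plain link; must not change state while the CSRF check is disabled.`, after confirming that this matches the method body, which continues outside the hunk. The same applies to `articles()` in the next hunk and to `PageController::index()`.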
@@ -75,9 +74,8 @@ class ExportController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
+ * @NoAdminRequired
+ * @NoCSRFRequired
*/
public function articles(){
$userId = $this->api->getUserId();
diff --git a/controller/feedcontroller.php b/controller/feedcontroller.php
index 29f60b8ea..76a582139 100644
--- a/controller/feedcontroller.php
+++ b/controller/feedcontroller.php
@@ -59,9 +59,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function feeds(){
$userId = $this->api->getUserId();
@@ -84,9 +82,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function active(){
$userId = $this->api->getUserId();
@@ -128,9 +124,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function create(){
$url = $this->params('url');
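Review bot: `create()` reads a request parameter and, judging by its name, changes state, yet it now carries only `@NoAdminRequired`, so its CSRF protection depends on the new middleware enforcing the token check whenever `@NoCSRFRequired` is absent; none of that is visible in this diff. Since the commit asks for review, a controller test that asserts the exact annotation set of each action, and that no state-changing action carries `@NoCSRFRequired`, would pin this down. It is also worth confirming how a failed security check is now reported to XHR callers, because the `@Ajax` marker that presumably selected a JSON error response is gone. The same applies to `delete()`, `move()`, `rename()`, `importArticles()` and `restore()` in this file and to the state-changing actions in the folder, item and user-settings controllers. The body of `create()` continues outside the hunk.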
@@ -168,9 +162,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function delete(){
$feedId = (int) $this->params('feedId');
@@ -188,9 +180,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function update(){
try {
@@ -221,9 +211,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function move(){
$feedId = (int) $this->params('feedId');
@@ -241,9 +229,7 @@ class FeedController extends Controller {
}
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function rename() {
$feedId = (int) $this->params('feedId');
@@ -261,9 +247,7 @@ class FeedController extends Controller {
}
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function importArticles() {
$json = $this->params('json');
@@ -281,9 +265,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function read(){
$userId = $this->api->getUserId();
@@ -305,9 +287,7 @@ class FeedController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function restore(){
$feedId = (int) $this->params('feedId');
diff --git a/controller/foldercontroller.php b/controller/foldercontroller.php
index 4a133c6b2..332d09974 100644
--- a/controller/foldercontroller.php
+++ b/controller/foldercontroller.php
@@ -58,9 +58,7 @@ class FolderController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function folders(){
$folders = $this->folderBusinessLayer->findAll($this->api->getUserId());
@@ -80,9 +78,7 @@ class FolderController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function open(){
try {
@@ -97,9 +93,7 @@ class FolderController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function collapse(){
try {
@@ -114,9 +108,7 @@ class FolderController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function create(){
$userId = $this->api->getUserId();
@@ -151,9 +143,7 @@ class FolderController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function delete(){
$userId = $this->api->getUserId();
@@ -171,9 +161,7 @@ class FolderController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function rename(){
$userId = $this->api->getUserId();
@@ -206,9 +194,7 @@ class FolderController extends Controller {
}
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function read(){
$userId = $this->api->getUserId();
@@ -225,9 +211,7 @@ class FolderController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function restore(){
$userId = $this->api->getUserId();
diff --git a/controller/itemcontroller.php b/controller/itemcontroller.php
index a813d92ca..2dd919fed 100644
--- a/controller/itemcontroller.php
+++ b/controller/itemcontroller.php
@@ -53,9 +53,7 @@ class ItemController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function items(){
$userId = $this->api->getUserId();
@@ -94,9 +92,7 @@ class ItemController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function newItems() {
$userId = $this->api->getUserId();
@@ -132,9 +128,7 @@ class ItemController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function star(){
try {
@@ -149,9 +143,7 @@ class ItemController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function unstar(){
try {
@@ -174,9 +166,7 @@ class ItemController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function read(){
try {
@@ -191,9 +181,7 @@ class ItemController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function unread(){
try {
@@ -208,9 +196,7 @@ class ItemController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function readAll(){
$userId = $this->api->getUserId();
diff --git a/controller/pagecontroller.php b/controller/pagecontroller.php
index f0d6b78e3..0526d79e8 100644
--- a/controller/pagecontroller.php
+++ b/controller/pagecontroller.php
@@ -39,9 +39,8 @@ class PageController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @CSRFExemption
+ * @NoAdminRequired
+ * @NoCSRFRequired
*/
public function index() {
return $this->render('main');
diff --git a/controller/usersettingscontroller.php b/controller/usersettingscontroller.php
index 11799aca1..46e003d2c 100644
--- a/controller/usersettingscontroller.php
+++ b/controller/usersettingscontroller.php
@@ -42,9 +42,7 @@ class UserSettingsController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function read(){
$showAll = $this->api->getUserValue('showAll');
@@ -57,9 +55,7 @@ class UserSettingsController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function show(){
$this->api->setUserValue('showAll', true);
@@ -69,9 +65,7 @@ class UserSettingsController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function hide(){
$this->api->setUserValue('showAll', false);
@@ -81,9 +75,7 @@ class UserSettingsController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function getLanguage(){
$language = $this->api->getTrans()->findLanguage();
@@ -96,9 +88,7 @@ class UserSettingsController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function isCompactView(){
$compact = $this->api->getUserValue('compact');
@@ -110,9 +100,7 @@ class UserSettingsController extends Controller {
/**
- * @IsAdminExemption
- * @IsSubAdminExemption
- * @Ajax
+ * @NoAdminRequired
*/
public function setCompactView(){
$isCompact = $this->params('compact');