forking only possible with POST requests now
authorChristian Weiske <cweiske@cweiske.de>
Fri, 30 Mar 2012 05:54:14 +0000 (07:54 +0200)
committerChristian Weiske <cweiske@cweiske.de>
Fri, 30 Mar 2012 05:54:14 +0000 (07:54 +0200)
data/templates/display.htm
www/fork.php

index 0b95912..ca52775 100644 (file)
@@ -17,7 +17,9 @@
   <h3>Paste #{{repo.id}}</h3>
  </div>
  <div class="span4" style="text-align: right">
-  <a class="btn" href="{{repo.getLink('fork')}}"><i class="icon-share"></i> fork</a>
+  <form method="post" action="{{repo.getLink('fork')}}">
+    <button type="submit" class="btn"><i class="icon-share"></i> fork</button>
+  </form>
  </div>
 </div>
 
index 6bec5f0..f6ec95a 100644 (file)
@@ -4,6 +4,11 @@
  */
 namespace Phorkie;
 require_once 'www-header.php';
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    throw new Exception_Input('Forking only possible via POST');
+}
+
 $repo = new Repository();
 $repo->loadFromRequest();