upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-10 01:00:50 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 36

Merge pull request #46745 from nextcloud/refactor/comments/security-attributes

Browse source
This commit is contained in:
Kate 2024-07-26 07:13:50 +02:00 committed by GitHub
commit 41f7fa6840
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
apps/comments/lib/Controller/NotificationsController.php
View file

@ -7,7 +7,9 @@ namespace OCA\Comments\Controller;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\Comments\IComment;
@ -37,9 +39,6 @@ class NotificationsController extends Controller {
}
/**
* @PublicPage
* @NoCSRFRequired
*
* View a notification
*
* @param string $id ID of the notification
@ -49,6 +48,8 @@ class NotificationsController extends Controller {
* 303: Redirected to notification
* 404: Notification not found
*/
#[PublicPage]
#[NoCSRFRequired]
public function view(string $id): RedirectResponse|NotFoundResponse {
$currentUser = $this->userSession->getUser();
if (!$currentUser instanceof IUser) {