]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/user_blocks_controller.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Prevent CSRF bypass unblocking users
[rails.git] / app / controllers / user_blocks_controller.rb
diff --git a/app/controllers/user_blocks_controller.rb b/app/controllers/user_blocks_controller.rb
index 058c442d50999aef995831cc9598bb9e8906c8b9..63fca655750830184e5a0d221326b050426e5fce 100644 (file)
--- a/app/controllers/user_blocks_controller.rb
+++ b/app/controllers/user_blocks_controller.rb
@@ -79,7 +79,7 @@ class UserBlocksController < ApplicationController
   ##
   # revokes the block, setting the end_time to now
   def revoke
-    if params[:confirm] && @user_block.revoke!(current_user)
+    if request.post? && params[:confirm] && @user_block.revoke!(current_user)
       flash[:notice] = t ".flash"
       redirect_to(@user_block)
     end
The OpenStreetMap web site