MAGETWO-85139: Cross-Site Request Forgery (Backups, maintenance mode) - Magento 1 & 2

DianaRusin · DianaRusin · commit 032bfdd82013 · 2018-03-09T11:22:19.000+02:00
diff --git a/app/code/Magento/Backup/Controller/Adminhtml/Index/Create.php b/app/code/Magento/Backup/Controller/Adminhtml/Index/Create.php
@@ -19,7 +19,7 @@ class Create extends \Magento\Backup\Controller\Adminhtml\Index
      */
     public function execute()
     {
-        if (!$this->requestAllowed()) {
+        if (!$this->isRequestAllowed()) {
             return $this->_redirect('*/*/index');
         }
 
@@ -112,7 +112,7 @@ public function execute()
      *
      * @return bool
      */
-    private function requestAllowed()
+    private function isRequestAllowed()
     {
         return $this->getRequest()->isAjax() && $this->getRequest()->isPost();
     }

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ class Create extends \Magento\Backup\Controller\Adminhtml\Index`
`19`	`19`	`*/`
`20`	`20`	`public function execute()`
`21`	`21`	`{`
`22`		`- if (!$this->requestAllowed()) {`
	`22`	`+ if (!$this->isRequestAllowed()) {`
`23`	`23`	`return $this->_redirect('//index');`
`24`	`24`	`}`
`25`	`25`
`@@ -112,7 +112,7 @@ public function execute()`
`112`	`112`	`*`
`113`	`113`	`* @return bool`
`114`	`114`	`*/`
`115`		`- private function requestAllowed()`
	`115`	`+ private function isRequestAllowed()`
`116`	`116`	`{`
`117`	`117`	`return $this->getRequest()->isAjax() && $this->getRequest()->isPost();`
`118`	`118`	`}`