fix csrf whitelist, remove unused entries
Closes #1782 (closed)
What does this MR do?
- Fix the class name for entry WallPostXhr::attachimage so the CSRF whitelist applies correctly.
- Remove the previously active but unused entries:
// class does not exist anymore:
'LoginXhr::joinsubmit'
'LoginXhr::join'
// class does not exist anymore:
'MailboxXhr::attach'
'MailboxXhr::fmail'
// only referenced in XhrDialog::addPictureField, which is not used anywhere:
'MainXhr::picupload'
// only referenced in src/Modules/Team/Team.js, which seems to be unused:
'TeamXhr::contact'
- Remove the already commented-out whitelist entries.
How confident are you it won't break things if deployed?
I could not find any usages for the removed entries. However, we could leave MainXhr::picupload and TeamXhr::contact in just to be sure.
Links to related issues
Closes #1782 (closed)
Followup for !3005 (merged)
How to test
Create a wall post with an attached image.
Checklist
- added a test, or explain why one is not needed/possible...
- no unrelated changes
- asked someone for a code review
- set a "for:" label to indicate who will be affected by this change
- added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label)
- added an entry to CHANGELOG.md
- added a short text in the release notes to /release-notes/YYYY-MM.md
- Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/region?bid=734&sub=forum. Please change the MR's label to "state:Beta testing".
- Consider writing a detailed description in German.
- Describe in a few sentences, what should be tested from a user perspective.
- Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
- Be aware, that also non technical people should understand.
Edited by Neriton
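
A misspelled or outdated entry in a CSRF exemption list fails silently, so it helps to check that every entry still resolves to a real class method. The following is an added example, not code from the foodsharing project: the stand-in class, the list contents and the function name auditCsrfExemptions are assumptions, as is the premise that entries are matched as exact Class::method strings.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a controller class; not the project's code.
final class WallPostXhr
{
    public function attachimage(): void
    {
    }
}

/**
 * Returns every exemption entry that does not name an existing
 * Class::method, mapped to the reason it was rejected.
 * Assumption: entries are compared as exact strings at request time,
 * so a class name that differs only in case is reported as well.
 */
function auditCsrfExemptions(array $entries): array
{
    $problems = [];
    foreach ($entries as $entry) {
        $parts = explode('::', $entry);
        if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
            $problems[$entry] = 'not in Class::method form';
        } elseif (!class_exists($parts[0])) {
            $problems[$entry] = 'class does not exist';
        } elseif ((new ReflectionClass($parts[0]))->getName() !== $parts[0]) {
            $problems[$entry] = 'class name spelled differently from its declaration';
        } elseif (!method_exists($parts[0], $parts[1])) {
            $problems[$entry] = 'method does not exist';
        }
    }
    return $problems;
}

// Constructed list: a valid entry, a case mismatch, a missing class, a missing method.
$exemptions = [
    'WallPostXhr::attachimage',
    'WallpostXhr::attachimage',
    'MailboxXhr::attach',
    'WallPostXhr::upload',
];

foreach (auditCsrfExemptions($exemptions) as $entry => $reason) {
    printf("%s: %s\n", $entry, $reason);
}
```

Run as a unit test against the real list, a check like this keeps an exemption for a removed class from lingering until a class of the same name is introduced again.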