SECURITY: Make sure export CSV is generated via a POST

2025-02-25 18:55:32 -06:00 · 2015-07-24 12:33:53 -04:00
parent c78dbb7fa5
commit 29439e5534
10 changed files with 33 additions and 78 deletions
--- a/app/assets/javascripts/admin/routes/admin-users-list.js.es6
+++ b/app/assets/javascripts/admin/routes/admin-users-list.js.es6
@@ -1,10 +1,11 @@
+import { exportEntity } from 'discourse/lib/export-csv';
 import { outputExportResult } from 'discourse/lib/export-result';

 export default Discourse.Route.extend({

  actions: {
    exportUsers: function() {
-      Discourse.ExportCsv.exportUserList().then(outputExportResult);
+      exportEntity('user_list').then(outputExportResult);
    },

    sendInvites: function() {