- Issue created by @danrod
- 🇨🇦Canada danrod Ottawa
After some thinking, I've decided to just disable the importing of all the calendar events at
/calendar/all/importand let the user to sync their calendars at/admin/calendar, there's already a cron hook that imports all the events from all the calendars that can be run at midnight and allowing the user to do it from/calendar/all/importit's an invitation for a potential DoS.Now, all the requests to
/calendar/all/importwill go to/admin/calendar.I still added CSRF tokens for importe single calendars, for example:
http://example.com/admin/calendar/1/import?token=Pe1Mz72klJE5yeV9xMaksh32Xj_Kl8FYH_yOyLnbW40Ready for review.
- Merge request !23Issue # 3516174: Refactoring to disable /calendar/all/import and some other minor fixes → (Merged) created by danrod
- 🇨🇦Canada danrod Ottawa
I'll close this issue and mark it as "Fixed" for now, any anyone has any questions/concerns about this fix, please let me know and I'll re-open the task.