Remove the `uuidHash` check from CoreRewriteTestAction
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 25 Aug 2023 08:06:37 +0000 (10:06 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Fri, 25 Aug 2023 08:22:31 +0000 (10:22 +0200)
With the removal of the CORS headers this controller is no more or less
exploitable / sensitive than any other controller: It has a trivial
implementation. We can just make it available to everyone and remove the
special handling in OptionForm.

wcfsetup/install/files/acp/templates/__optionRewriteTest.tpl
wcfsetup/install/files/lib/acp/form/OptionForm.class.php
wcfsetup/install/files/lib/action/CoreRewriteTestAction.class.php

index 8641770f8b737e7ee6dec459d012e7f3323c0316..e14487a430a9a2eb5997f29dde31b7f2fff55933 100644 (file)
@@ -33,7 +33,7 @@
                        
                        const apps = new Map(Object.entries({
                                {* this bypasses the route system to force rewritten urls *}
-                               {implode from=$rewriteTestApplications item=$rewriteTestApplication}'{$rewriteTestApplication->getPackage()|encodeJS}': '{$__wcf->getPath($rewriteTestApplication->getAbbreviation())}core-rewrite-test/?uuidHash={$uuidHash}'{/implode}
+                               {implode from=$rewriteTestApplications item=$rewriteTestApplication}'{$rewriteTestApplication->getPackage()|encodeJS}': '{$__wcf->getPath($rewriteTestApplication->getAbbreviation())}core-rewrite-test/'{/implode}
                        }));
                        
                        AcpUiOptionRewriteTest.init(apps);
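Review bot: On the added line the map value `'{$__wcf->getPath(...)}core-rewrite-test/'` is written into a JavaScript string literal without `|encodeJS`, while the key on the same line is encoded. This is carried over from the removed line rather than introduced here. The application path is presumably administrator-configured and harmless in practice, but encoding both sides keeps the literal well-formed if a path ever contains a quote or backslash: `'{$__wcf->getPath($rewriteTestApplication->getAbbreviation())|encodeJS}core-rewrite-test/'`.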
index b13df8a5b8994db5121c4b5f3e911c8966dfd6ad..6c882abd188480d8806060c5e301ebb0540149a9 100644 (file)
@@ -104,12 +104,6 @@ class OptionForm extends AbstractOptionListForm
     {
         parent::assignVariables();
 
-        if ($this->category->categoryName === "general") {
-            WCF::getTPL()->assign([
-                'uuidHash' => \hash('sha256', \WCF_UUID),
-            ]);
-        }
-
         WCF::getTPL()->assign([
             'category' => $this->category,
             'optionTree' => $this->optionTree,
index 09f1063454dda011949ceafbbd94058c623f7ded..0121869ba14beecf470bf1c3cf541fb29f8e6d20 100644 (file)
@@ -3,7 +3,6 @@
 namespace wcf\action;
 
 use Laminas\Diactoros\Response\JsonResponse;
-use wcf\system\exception\IllegalLinkException;
 
 /**
  * Internal action used to run a test for url rewriting.
@@ -17,20 +16,6 @@ final class CoreRewriteTestAction extends AbstractAction
 {
     const AVAILABLE_DURING_OFFLINE_MODE = true;
 
-    /**
-     * @inheritDoc
-     *
-     * @throws      IllegalLinkException
-     */
-    public function readParameters()
-    {
-        parent::readParameters();
-
-        if (!isset($_GET['uuidHash']) || !\hash_equals(\hash('sha256', WCF_UUID), $_GET['uuidHash'])) {
-            throw new IllegalLinkException();
-        }
-    }
-
     /**
      * @inheritDoc
      */
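Review bot: After this removal the class has no access check left and still sets `AVAILABLE_DURING_OFFLINE_MODE = true`, so the endpoint answers anonymous requests even in offline mode, while the class docblock still calls it an "Internal action". The commit message's safety argument rests on the response being trivial and carrying no CORS headers; the method that builds the response lies outside the hunk, so that cannot be confirmed from here. I would record the invariant in the class docblock, for example `* Reachable without authentication: the response must stay constant and must not add CORS headers.`, so that a later change to the response is reviewed with it in mind.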