Validate toolbar subtrees hash in AJAX responses
Compare changes
@@ -37,10 +37,13 @@ public function __construct(
@@ -37,10 +37,13 @@ public function __construct(
@@ -67,8 +70,7 @@ public function subtreesAjax() {
@@ -67,8 +70,7 @@ public function subtreesAjax() {
return AccessResult::allowedIf($this->currentUser()->hasPermission('access toolbar') && hash_equals($expected_hash, $hash))->cachePerPermissions();