oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-06-27 16:36:00 +00:00
Code Wiki Activity

Protect mass_action with a CSRF token

Browse source
This commit is contained in:
Yassine Guedidi 2025-03-30 05:58:54 +02:00
parent 27f0d94db7
commit 5ea5115a72
3 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

16
tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
View file

@ -1764,8 +1764,12 @@ class EntryControllerTest extends WallabagCoreTestCase
$entries[] = $entry1Id = $entry1->getId();
$entries[] = $entry2Id = $entry2->getId();
$crawler = $client->request('GET', '/all/list');
$token = $crawler->filter('#form_mass_action input[name=token]')->attr('value');
// Mass actions : archive
$client->request('POST', '/mass', [
'token' => $token,
'toggle-archive' => '',
'entry-checkbox' => $entries,
]);
@ -1786,8 +1790,12 @@ class EntryControllerTest extends WallabagCoreTestCase
$this->assertSame(1, $res->isArchived());
$crawler = $client->request('GET', '/all/list');
$token = $crawler->filter('#form_mass_action input[name=token]')->attr('value');
// Mass actions : star
$client->request('POST', '/mass', [
'token' => $token,
'toggle-star' => '',
'entry-checkbox' => $entries,
]);
@ -1808,8 +1816,12 @@ class EntryControllerTest extends WallabagCoreTestCase
$this->assertSame(1, $res->isStarred());
$crawler = $client->request('GET', '/all/list');
$token = $crawler->filter('#form_mass_action input[name=token]')->attr('value');
// Mass actions : tag
$client->request('POST', '/mass', [
'token' => $token,
'tag' => '',
'tags' => 'foo',
'entry-checkbox' => $entries,
@ -1838,8 +1850,12 @@ class EntryControllerTest extends WallabagCoreTestCase
$this->assertNotContains('foo', $res->getTagsLabel());
$crawler = $client->request('GET', '/all/list');
$token = $crawler->filter('#form_mass_action input[name=token]')->attr('value');
// Mass actions : delete
$client->request('POST', '/mass', [
'token' => $token,
'delete' => '',
'entry-checkbox' => $entries,
]);