oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-08-01 17:38:38 +00:00
Code Wiki Activity

Merge remote-tracking branch 'origin/2.5.x'

Browse source
This commit is contained in:
Jeremy Benoist 2023-04-24 14:36:32 +02:00
commit 66b7bdd07c
No known key found for this signature in database
GPG key ID: 7168D5DD29F38552
18 changed files with 614 additions and 472 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/Wallabag/CoreBundle/Controller/ExportController.php
View file

@ -7,7 +7,6 @@ use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Wallabag\CoreBundle\Entity\Entry;
use Wallabag\CoreBundle\Helper\EntriesExport;
use Wallabag\CoreBundle\Repository\EntryRepository;
use Wallabag\CoreBundle\Repository\TagRepository;
@ -28,9 +27,20 @@ class ExportController extends AbstractController
*
* @return Response
*/
public function downloadEntryAction(Entry $entry, EntriesExport $entriesExport, string $format)
public function downloadEntryAction(Request $request, EntryRepository $entryRepository, EntriesExport $entriesExport, string $format, int $id)
{
try {
$entry = $entryRepository->find($id);
/*
* We duplicate EntryController::checkUserAction here as a quick fix for an improper authorization vulnerability
*
* This should be eventually rewritten
*/
if (null === $entry || null === $this->getUser() || $this->getUser()->getId() !== $entry->getUser()->getId()) {
throw new NotFoundHttpException();
}
return $entriesExport
->setEntries($entry)
->updateTitle('entry')