mirror of https://github.com/wallabag/wallabag.git synced 2025-08-06 17:41:01 +00:00

Use 400 Bad Request errors for invalid CSRF everywhere

Yassine Guedidi 2025-03-23 22:12:08 +01:00
parent 5ea5115a72
commit 677b2986bc
4 changed files with 11 additions and 10 deletions


@ -7,6 +7,7 @@ use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Contracts\Translation\TranslatorInterface;
use Wallabag\ApiBundle\Entity\Client;
@ -76,7 +77,7 @@ class DeveloperController extends AbstractController
public function deleteClientAction(Request $request, Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator)
{
if (!$this->isCsrfTokenValid('delete-client', $request->request->get('token'))) {
throw $this->createAccessDeniedException('Bad CSRF token.');
throw new BadRequestHttpException('Bad CSRF token.');
}
if (null === $this->getUser() || $client->getUser()->getId() !== $this->getUser()->getId()) {