oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-06-27 16:36:00 +00:00
Code Wiki Activity

Protect delete_ignore_origin_rule with a CSRF token

Browse source
This commit is contained in:
Yassine Guedidi 2025-03-18 23:57:18 +01:00
parent 264f91126e
commit 6fa61c0f9c
3 changed files with 18 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
View file

@ -642,9 +642,9 @@ class ConfigControllerTest extends WallabagCoreTestCase
$this->assertStringContainsString('host = "example.org"', $crawler->filter('body')->extract(['_text'])[0]);
$deleteLink = $crawler->filter('div[id=set6] a.delete')->last()->link();
$form = $crawler->filter('#set6')->selectButton('delete')->form();
$crawler = $client->click($deleteLink);
$crawler = $client->submit($form);
$this->assertSame(302, $client->getResponse()->getStatusCode());
$crawler = $client->followRedirect();
@ -709,11 +709,11 @@ class ConfigControllerTest extends WallabagCoreTestCase
->getRepository(IgnoreOriginUserRule::class)
->findAll()[0];
$crawler = $client->request('GET', '/ignore-origin-user-rule/edit/' . $rule->getId());
$crawler = $client->request('POST', '/ignore-origin-user-rule/delete/' . $rule->getId());
$this->assertSame(403, $client->getResponse()->getStatusCode());
$this->assertSame(400, $client->getResponse()->getStatusCode());
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
$this->assertStringContainsString('You can not access this rule', $body[0]);
$this->assertStringContainsString('Bad CSRF token.', $body[0]);
}
public function testEditingIgnoreOriginRuleFromAnOtherUser()