mirror of https://github.com/wallabag/wallabag.git synced 2025-08-01 17:38:38 +00:00

Merge pull request from GHSA-p8gp-899c-jvq9

Use POST instead of GET to reset user data
Nicolas Lœuillet 2023-08-21 11:08:24 +02:00 committed by GitHub
commit 78b0b55c40
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 19 deletions


@ -523,12 +523,16 @@ class ConfigController extends AbstractController
/**
* Remove all annotations OR tags OR entries for the current user.
*
* @Route("/reset/{type}", requirements={"id" = "annotations|tags|entries"}, name="config_reset")
* @Route("/reset/{type}", requirements={"id" = "annotations|tags|entries"}, name="config_reset", methods={"POST"})
*
* @return RedirectResponse
*/
public function resetAction(string $type, AnnotationRepository $annotationRepository, EntryRepository $entryRepository)
public function resetAction(Request $request, string $type, AnnotationRepository $annotationRepository, EntryRepository $entryRepository)
{
if (!$this->isCsrfTokenValid('reset-area', $request->request->get('token'))) {
throw $this->createAccessDeniedException('Bad CSRF token.');
}
switch ($type) {
case 'annotations':
$annotationRepository->removeAllByUserId($this->getUser()->getId());