mirror of https://github.com/wallabag/wallabag.git synced 2025-08-06 17:41:01 +00:00

Protect revoke_token with a CSRF token

Yassine Guedidi 2025-03-18 23:42:51 +01:00
parent d703fa6a3a
commit ac5b5fb379
3 changed files with 33 additions and 14 deletions


@ -455,22 +455,22 @@ class ConfigController extends AbstractController
}
/**
* @Route("/revoke-token", name="revoke_token")
* @Route("/revoke-token", name="revoke_token", methods={"POST"})
*
* @return RedirectResponse|JsonResponse
*/
public function revokeTokenAction(Request $request)
{
if (!$this->isCsrfTokenValid('revoke-token', $request->request->get('token'))) {
throw new BadRequestHttpException('Bad CSRF token.');
}
$config = $this->getConfig();
$config->setFeedToken(null);
$this->entityManager->persist($config);
$this->entityManager->flush();
if ($request->isXmlHttpRequest()) {
return new JsonResponse();
}
$this->addFlash(
'notice',
'flashes.config.notice.feed_token_revoked'