oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-08-06 17:41:01 +00:00
Code Wiki Activity

Replace GET way to POST way to delete API client

Browse source
This commit is contained in:
Nicolas Lœuillet 2023-07-29 10:31:51 +02:00 committed by Kevin Decherf
parent f4fd8e4675
commit c3d1f92278
3 changed files with 15 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/Wallabag/ApiBundle/Controller/DeveloperController.php
View file

@ -69,12 +69,17 @@ class DeveloperController extends AbstractController
/**
* Remove a client.
*
* @Route("/developer/client/delete/{id}", requirements={"id" = "\d+"}, name="developer_delete_client")
* @Route("/developer/client/delete/{id}", requirements={"id" = "\d+"}, name="developer_delete_client", methods={"POST"})
*
* @return RedirectResponse
*/
public function deleteClientAction(Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator)
public function deleteClientAction(Request $request, Client $client, EntityManagerInterface $entityManager, TranslatorInterface $translator)
{
if (!$this->isCsrfTokenValid('delete-client', $request->request->get('token'))) {
throw $this->createAccessDeniedException('Bad CSRF token.');
}
if (null === $this->getUser() || $client->getUser()->getId() !== $this->getUser()->getId()) {
throw $this->createAccessDeniedException('You can not access this client.');
}