oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-08-16 18:01:38 +00:00
Code Wiki Activity

Protect delete_share with a CSRF token

Browse source
This commit is contained in:
Yassine Guedidi 2025-03-23 13:13:11 +01:00
parent 0d8429dfc7
commit d1e128900a
3 changed files with 22 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/Wallabag/CoreBundle/Controller/EntryController.php
View file

@ -570,12 +570,16 @@ class EntryController extends AbstractController
/**
* Disable public sharing for an entry.
*
* @Route("/share/delete/{id}", requirements={"id" = "\d+"}, name="delete_share")
* @Route("/share/delete/{id}", name="delete_share", methods={"POST"}, requirements={"id" = "\d+"})
*
* @return Response
*/
public function deleteShareAction(Entry $entry)
public function deleteShareAction(Request $request, Entry $entry)
{
if (!$this->isCsrfTokenValid('delete-share', $request->request->get('token'))) {
throw new BadRequestHttpException('Bad CSRF token.');
}
$this->checkUserAction($entry);
$entry->cleanUid();