oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-09-15 18:57:05 +00:00
Code Wiki Activity

Protect remove_tag with a CSRF token

Browse source
This commit is contained in:
Yassine Guedidi 2025-03-23 13:46:38 +01:00
parent d1e128900a
commit ddf2e80842
4 changed files with 19 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
View file

@ -1694,7 +1694,7 @@ class EntryControllerTest extends WallabagCoreTestCase
$this->assertSame('example.com', $content->getDomainName());
}
public function testEntryDeleteTagLink()
public function testEntryDeleteTagForm()
{
$this->logInAs('admin');
$client = $this->getTestClient();
@ -1705,10 +1705,7 @@ class EntryControllerTest extends WallabagCoreTestCase
$crawler = $client->request('GET', '/view/' . $entry->getId());
// As long as the deletion link of a tag is following
// a link to the tag view, we take the second one to retrieve
// the deletion link of the first tag
$link = $crawler->filter('body div#article div.tools ul.tags li.chip a')->extract(['href'])[1];
$link = $crawler->filter('body div#article div.tools ul.tags li.chip form')->extract(['action'])[0];
$this->assertStringStartsWith(sprintf('/remove-tag/%s/%s', $entry->getId(), $tag->getId()), $link);
}