oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-08-06 17:41:01 +00:00
Code Wiki Activity

Protect switch_view_mode with a CSRF token

Browse source
This commit is contained in:
Yassine Guedidi 2025-03-19 00:28:34 +01:00
parent 6fa61c0f9c
commit e162408139
5 changed files with 27 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/Wallabag/CoreBundle/Controller/ConfigController.php
View file

@ -646,12 +646,16 @@ class ConfigController extends AbstractController
/**
* Switch view mode for current user.
*
* @Route("/config/view-mode", name="switch_view_mode")
* @Route("/config/view-mode", name="switch_view_mode", methods={"POST"})
*
* @return RedirectResponse
*/
public function changeViewModeAction(Request $request)
{
if (!$this->isCsrfTokenValid('switch-view-mode', $request->request->get('token'))) {
throw new BadRequestHttpException('Bad CSRF token.');
}
$user = $this->getUser();
$user->getConfig()->setListMode(!$user->getConfig()->getListMode());