oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-09-15 18:57:05 +00:00
Code Wiki Activity

Protect delete_entry with a CSRF token

Browse source
This commit is contained in:
Yassine Guedidi 2025-03-23 03:09:42 +01:00
parent 00d0e6f951
commit eb8408b22f
6 changed files with 65 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/Wallabag/CoreBundle/Controller/EntryController.php
View file

@ -501,12 +501,16 @@ class EntryController extends AbstractController
/**
* Deletes entry and redirect to the homepage or the last viewed page.
*
* @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry")
* @Route("/delete/{id}", name="delete_entry", methods={"POST"}, requirements={"id" = "\d+"})
*
* @return RedirectResponse
*/
public function deleteEntryAction(Request $request, Entry $entry)
{
if (!$this->isCsrfTokenValid('delete-entry', $request->request->get('token'))) {
throw new BadRequestHttpException('Bad CSRF token.');
}
$this->checkUserAction($entry);
// generates the view url for this entry to check for redirection later