mirror of https://github.com/wallabag/wallabag.git synced 2025-08-01 17:38:38 +00:00

Fix CSRF on user deletion

Jeremy Benoist 2023-02-07 20:29:42 +01:00
parent 784bc1393c
commit f1b3d5cdd7
No known key found for this signature in database
GPG key ID: 7168D5DD29F38552
3 changed files with 14 additions and 8 deletions


@ -794,7 +794,7 @@ class ConfigControllerTest extends WallabagCoreTestCase
$this->assertGreaterThan(1, $body = $crawler->filter('body')->extract(['_text']));
$this->assertStringNotContainsString('config.form_user.delete.button', $body[0]);
$client->request('GET', '/account/delete');
$client->request('POST', '/account/delete');
$this->assertSame(403, $client->getResponse()->getStatusCode());
$user = $em
@ -860,9 +860,9 @@ class ConfigControllerTest extends WallabagCoreTestCase
$crawler = $client->request('GET', '/config');
$deleteLink = $crawler->filter('.delete-account')->last()->link();
$deleteForm = $crawler->filter('form[name=delete-account]')->form();
$client->click($deleteLink);
$client->submit($deleteForm);
$this->assertSame(302, $client->getResponse()->getStatusCode());
$em = $client->getContainer()->get('doctrine.orm.entity_manager');
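Review bot: In the first hunk the bare `$client->request('POST', '/account/delete');` sends no CSRF token, so the 403 asserted on the next line may now come from the token check rather than from the rule that hides the delete button. The controller change is not visible here, so this depends on which check runs first. Sending a valid token with that request, e.g. `$client->request('POST', '/account/delete', ['<token field>' => $validToken]);` (placeholder names), would keep the assertion tied to the rule under test. The second hunk covers only the accepted path through `$client->submit($deleteForm);`, so a companion case that posts without a token, expects a rejection and checks that the user row still exists would pin the CSRF fix itself. Both test methods start and end outside the hunks.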