pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Fix adding tag to entries from other people

Browse Source 
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
This commit is contained in:
Jeremy Benoist
2023-02-07 21:18:06 +01:00
parent 784bc1393c
commit 242e3feac9
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/Wallabag/CoreBundle/Controller/TagController.php
View File

@ -17,7 +17,7 @@ use Wallabag\CoreBundle\Form\Type\RenameTagType;
class TagController extends Controller
{
/**
* @Route("/new-tag/{entry}", requirements={"entry" = "\d+"}, name="new_tag")
* @Route("/new-tag/{entry}", requirements={"entry" = "\d+"}, name="new_tag", methods={"POST"})
*
* @return \Symfony\Component\HttpFoundation\Response
*/
@ -26,7 +26,17 @@ class TagController extends Controller
$form = $this->createForm(NewTagType::class, new Tag());
$form->handleRequest($request);
$tags = $form->get('label')->getData();
$tagsExploded = explode(',', $tags);
// avoid too much tag to be added
if (\count($tagsExploded) >= 5 || \strlen($tags) >= NewTagType::MAX_LENGTH) {
return $this->redirect($this->generateUrl('view', ['id' => $entry->getId()]));
}
if ($form->isSubmitted() && $form->isValid()) {
$this->checkUserAction($entry);
$this->get('wallabag_core.tags_assigner')->assignTagsToEntry(
$entry,
$form->get('label')->getData()
@ -59,6 +69,8 @@ class TagController extends Controller
*/
public function removeTagFromEntry(Request $request, Entry $entry, Tag $tag)
{
$this->checkUserAction($entry);
$entry->removeTag($tag);
$em = $this->getDoctrine()->getManager();
$em->flush();
@ -222,4 +234,14 @@ class TagController extends Controller
return $this->redirect($this->get('wallabag_core.helper.redirect')->to($request->headers->get('referer'), '', true));
}
/**
* Check if the logged user can manage the given entry.
*/
private function checkUserAction(Entry $entry)
{
if (null === $this->getUser() || $this->getUser()->getId() !== $entry->getUser()->getId()) {
throw $this->createAccessDeniedException('You can not access this entry.');
}
}
}