pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Merge remote-tracking branch 'origin/2.5.x'

Browse Source
This commit is contained in:
Jeremy Benoist
2023-04-24 14:36:32 +02:00
parent f37c10fcf5 055d304bc9
commit 66b7bdd07c
18 changed files with 614 additions and 472 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Wallabag/CoreBundle/Controller/ConfigController.php
View File

@ -592,7 +592,7 @@ class ConfigController extends AbstractController
/**
* Delete account for current user.
*
* @Route("/account/delete", name="delete_account")
* @Route("/account/delete", name="delete_account", methods={"POST"})
*
* @throws AccessDeniedHttpException
*
@ -600,6 +600,10 @@ class ConfigController extends AbstractController
*/
public function deleteAccountAction(Request $request, UserRepository $userRepository, TokenStorageInterface $tokenStorage)
{
if (!$this->isCsrfTokenValid('delete-account', $request->request->get('token'))) {
throw $this->createAccessDeniedException('Bad CSRF token.');
}
$enabledUsers = $userRepository->getSumEnabledUsers();
if ($enabledUsers <= 1) {