pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Replace GET way to POST way to reset data user

Browse Source 
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Nicolas Lœuillet
2023-07-29 10:44:10 +02:00
committed by Kevin Decherf
parent f4fd8e4675
commit a9893d754f
3 changed files with 44 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Wallabag/CoreBundle/Controller/ConfigController.php
View File

@ -523,12 +523,16 @@ class ConfigController extends AbstractController
/**
* Remove all annotations OR tags OR entries for the current user.
*
* @Route("/reset/{type}", requirements={"id" = "annotations|tags|entries"}, name="config_reset")
* @Route("/reset/{type}", requirements={"id" = "annotations|tags|entries"}, name="config_reset", methods={"POST"})
*
* @return RedirectResponse
*/
public function resetAction(string $type, AnnotationRepository $annotationRepository, EntryRepository $entryRepository)
public function resetAction(Request $request, string $type, AnnotationRepository $annotationRepository, EntryRepository $entryRepository)
{
if (!$this->isCsrfTokenValid('reset-area', $request->request->get('token'))) {
throw $this->createAccessDeniedException('Bad CSRF token.');
}
switch ($type) {
case 'annotations':
$annotationRepository->removeAllByUserId($this->getUser()->getId());