pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Protect revoke_token with a CSRF token

Browse Source
This commit is contained in:
Yassine Guedidi
2025-03-18 23:42:51 +01:00
parent d703fa6a3a
commit ac5b5fb379
3 changed files with 33 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/Wallabag/CoreBundle/Controller/ConfigController.php
View File

@ -455,22 +455,22 @@ class ConfigController extends AbstractController
}
/**
* @Route("/revoke-token", name="revoke_token")
* @Route("/revoke-token", name="revoke_token", methods={"POST"})
*
* @return RedirectResponse|JsonResponse
*/
public function revokeTokenAction(Request $request)
{
if (!$this->isCsrfTokenValid('revoke-token', $request->request->get('token'))) {
throw new BadRequestHttpException('Bad CSRF token.');
}
$config = $this->getConfig();
$config->setFeedToken(null);
$this->entityManager->persist($config);
$this->entityManager->flush();
if ($request->isXmlHttpRequest()) {
return new JsonResponse();
}
$this->addFlash(
'notice',
'flashes.config.notice.feed_token_revoked'