pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Protect delete_entry with a CSRF token

Browse Source
This commit is contained in:
Yassine Guedidi
2025-03-23 03:09:42 +01:00
parent 00d0e6f951
commit eb8408b22f
6 changed files with 65 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Wallabag/CoreBundle/Controller/EntryController.php
View File

@ -501,12 +501,16 @@ class EntryController extends AbstractController
/**
* Deletes entry and redirect to the homepage or the last viewed page.
*
* @Route("/delete/{id}", requirements={"id" = "\d+"}, name="delete_entry")
* @Route("/delete/{id}", name="delete_entry", methods={"POST"}, requirements={"id" = "\d+"})
*
* @return RedirectResponse
*/
public function deleteEntryAction(Request $request, Entry $entry)
{
if (!$this->isCsrfTokenValid('delete-entry', $request->request->get('token'))) {
throw new BadRequestHttpException('Bad CSRF token.');
}
$this->checkUserAction($entry);
// generates the view url for this entry to check for redirection later