pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Protect changeLocale with a CSRF token

Browse Source
This commit is contained in:
Yassine Guedidi
2025-03-19 00:40:30 +01:00
parent e162408139
commit ed1acf59e1
3 changed files with 36 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
templates/bundles/FOSUserBundle/layout.html.twig
View File

@ -16,9 +16,23 @@
{% endblock fos_user_content %}
</div>
<div class="center">
<a href="{{ path('changeLocale', {'language': 'de'}) }}">Deutsch</a>
<a href="{{ path('changeLocale', {'language': 'en'}) }}">English</a>
<a href="{{ path('changeLocale', {'language': 'fr'}) }}">Français</a>
<form action="{{ path('changeLocale', {'language': 'de'}) }}" method="post" class="inline-block">
<input type="hidden" name="token" value="{{ csrf_token('change-locale') }}"/>
<button type="submit" class="btn-link">Deutsch</button>
</form>
<form action="{{ path('changeLocale', {'language': 'en'}) }}" method="post" class="inline-block">
<input type="hidden" name="token" value="{{ csrf_token('change-locale') }}"/>
<button type="submit" class="btn-link">English</button>
</form>
<form action="{{ path('changeLocale', {'language': 'fr'}) }}" method="post" class="inline-block">
<input type="hidden" name="token" value="{{ csrf_token('change-locale') }}"/>
<button type="submit" class="btn-link">Français</button>
</form>
</div>
</div>
</main>