mirror of
https://github.com/MarijnDoeve/TijdVoorDeTest.git
synced 2026-07-06 15:40:14 +02:00
Add CSRF token validation for quiz-related actions
- Added CSRF validation to `enableQuiz`, `clearQuiz`, `deleteQuiz`, `toggleCandidate`, and `prepareElimination` actions. - Updated Twig templates to replace links with POST forms to include CSRF tokens. - Set HTTP method restrictions for related endpoints to `POST`.
This commit is contained in:
@@ -24,9 +24,14 @@ final class PrepareEliminationController extends AbstractController
|
||||
'/backoffice/season/{seasonCode:season}/quiz/{quiz}/elimination/prepare',
|
||||
name: 'tvdt_prepare_elimination',
|
||||
requirements: ['seasonCode' => self::SEASON_CODE_REGEX, 'quiz' => Requirement::UUID],
|
||||
methods: ['POST'],
|
||||
)]
|
||||
public function index(Season $season, Quiz $quiz): RedirectResponse
|
||||
public function index(Season $season, Quiz $quiz, Request $request): RedirectResponse
|
||||
{
|
||||
if (!$this->isCsrfTokenValid('prepare_elimination', $request->request->get('_token'))) {
|
||||
throw $this->createAccessDeniedException();
|
||||
}
|
||||
|
||||
$elimination = $this->eliminationFactory->createEliminationFromQuiz($quiz);
|
||||
|
||||
return $this->redirectToRoute('tvdt_prepare_elimination_view', ['elimination' => $elimination->id]);
|
||||
|
||||
Reference in New Issue
Block a user