mirror of
https://github.com/MarijnDoeve/TijdVoorDeTest.git
synced 2026-07-06 15:40:14 +02:00
Add CSRF token validation for quiz-related actions
- Added CSRF validation to `enableQuiz`, `clearQuiz`, `deleteQuiz`, `toggleCandidate`, and `prepareElimination` actions. - Updated Twig templates to replace links with POST forms to include CSRF tokens. - Set HTTP method restrictions for related endpoints to `POST`.
This commit is contained in:
@@ -35,14 +35,16 @@
|
||||
{% endif %}
|
||||
</td>
|
||||
<td>
|
||||
<a href="{{ path('tvdt_backoffice_toggle_candidate', {quiz: quiz.id, candidate: candidate.id}) }}"
|
||||
class="btn btn-sm btn-outline-secondary">
|
||||
{% if quizCandidate == null or quizCandidate.active %}
|
||||
{{ 'Deactivate'|trans }}
|
||||
{% else %}
|
||||
{{ 'Activate'|trans }}
|
||||
{% endif %}
|
||||
</a>
|
||||
<form action="{{ path('tvdt_backoffice_toggle_candidate', {quiz: quiz.id, candidate: candidate.id}) }}" method="POST">
|
||||
<input type="hidden" name="_token" value="{{ csrf_token('toggle_candidate') }}">
|
||||
<button type="submit" class="btn btn-sm btn-outline-secondary">
|
||||
{% if quizCandidate == null or quizCandidate.active %}
|
||||
{{ 'Deactivate'|trans }}
|
||||
{% else %}
|
||||
{{ 'Activate'|trans }}
|
||||
{% endif %}
|
||||
</button>
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
|
||||
Reference in New Issue
Block a user