Add CSRF token validation across backoffice forms

- Added CSRF validations to candidate correction, penalty, answer saving, and elimination forms.
- Updated corresponding Twig templates to include CSRF token inputs.
- Adjusted column count in `tab_result` template to maintain layout consistency.
This commit is contained in:
2026-05-23 14:51:45 +02:00
parent e9b2b8c344
commit 3980d03bad
5 changed files with 24 additions and 2 deletions
@@ -40,6 +40,10 @@ final class PrepareEliminationController extends AbstractController
public function viewElimination(Elimination $elimination, Request $request): Response
{
if ('POST' === $request->getMethod()) {
if (!$this->isCsrfTokenValid('prepare_elimination', $request->request->get('_token'))) {
throw $this->createAccessDeniedException();
}
$elimination->updateFromInputBag($request->request);
$this->em->flush();