Add CSRF token validation across backoffice forms

- Added CSRF validations to candidate correction, penalty, answer saving, and elimination forms.
- Updated corresponding Twig templates to include CSRF token inputs.
- Adjusted column count in `tab_result` template to maintain layout consistency.
This commit is contained in:
2026-05-23 14:51:45 +02:00
parent e9b2b8c344
commit 3980d03bad
5 changed files with 24 additions and 2 deletions
@@ -15,6 +15,7 @@
<div class="row">
<div class="col-12 col-md-6">
<form method="post">
<input type="hidden" name="_token" value="{{ csrf_token('prepare_elimination') }}">
{%~ for candidate, colour in elimination.data %}
<div class="row mb-3">
<label for="colour-{{ candidate|lower }}" class="col-4 col-form-label">{{ candidate }}</label>
@@ -37,6 +37,7 @@
<td>
<form method="post"
action="{{ path('tvdt_backoffice_modify_correction', {quiz: quiz.id, candidate: candidate.id}) }}">
<input type="hidden" name="_token" value="{{ csrf_token('candidate_correction') }}">
<div class="row">
<div class="col-8">
<input class="form-control form-control-sm" type="number"
@@ -52,7 +53,7 @@
<td>
<form method="post"
action="{{ path('tvdt_backoffice_modify_penalty', {quiz: quiz.id, candidate: candidate.id}) }}">
<input type="hidden" name="_token" value="{{ csrf_token('candidate_answer') }}">
<input type="hidden" name="_token" value="{{ csrf_token('candidate_penalty') }}">
<div class="row">
<div class="col-8">
<input class="form-control form-control-sm" type="number"
@@ -70,7 +71,7 @@
</tr>
{% else %}
<tr>
<td colspan="5">{{ 'No results'|trans }}</td>
<td colspan="6">{{ 'No results'|trans }}</td>
</tr>
{% endfor %}
</tbody>