fix csrf token handling in controllers

team 1
2026-02-18 08:52:19 +01:00
parent 0d3efa228d
commit 64b263c5fe


@@ -234,7 +234,7 @@ class DocumentController extends AbstractController
): RedirectResponse ): RedirectResponse
{ {
if (!$this->isCsrfTokenValid('activate_version', $request->request->get('_token'))) { if (!$this->isCsrfTokenValid('activate_version_'.$versionId, $request->request->get('_token'))) {
throw $this->createAccessDeniedException(); throw $this->createAccessDeniedException();
} }
@@ -313,7 +313,7 @@ class DocumentController extends AbstractController
): ?RedirectResponse ): ?RedirectResponse
{ {
$dryRun = false; $dryRun = false;
if (!$this->isCsrfTokenValid('ingest_version', $request->request->get('_token'))) { if (!$this->isCsrfTokenValid('ingest_version_'.$versionId, $request->request->get('_token'))) {
throw $this->createAccessDeniedException(); throw $this->createAccessDeniedException();
} }
@@ -427,7 +427,7 @@ class DocumentController extends AbstractController
LockService $lockService, LockService $lockService,
): RedirectResponse ): RedirectResponse
{ {
if (!$this->isCsrfTokenValid('delete_document', $request->request->get('_token'))) { if (!$this->isCsrfTokenValid('delete_document_' . $id, $request->request->get('_token'))) {
throw $this->createAccessDeniedException(); throw $this->createAccessDeniedException();
} }
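Review bot: The three checks each build their token id by hand, and with two different spacings: `'activate_version_'.$versionId` and `'ingest_version_'.$versionId` in the hunks at 234 and 313, but `'delete_document_' . $id` in the hunk at 427. Pick one concatenation style and add a short comment above each check, for example `// Token id is bound to the target object so a token issued for one version/document cannot be replayed against another.` The forms that issue these tokens are not visible in this change; they presumably need the matching id (e.g. `csrf_token('delete_document_' ~ id)` in Twig), otherwise every submit ends in the access-denied branch. A per-object token narrows replay but does not replace an authorization check on `$versionId` / `$id`. Whether one exists cannot be confirmed here, since all three method bodies continue outside the hunks.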