From e6a8ebb04e2ac657b8bcf0c4460c409ff8f4e991 Mon Sep 17 00:00:00 2001 
From: Melroy van den Berg Date: Mon, 16 Sep 2024 22:05:04 +0200 Subject: [PATCH] Make CSRF tokens better named (#1131) --- .../Admin/AdminMagazineOwnershipRequestController.php | 4 ++-- src/Controller/Admin/AdminModeratorController.php | 2 +- src/Controller/BoostController.php | 2 +- src/Controller/Domain/DomainBlockController.php | 4 ++-- src/Controller/Domain/DomainSubController.php | 4 ++-- .../Entry/Comment/EntryCommentChangeAdultController.php | 2 +- .../Entry/Comment/EntryCommentDeleteController.php | 6 +++--- src/Controller/Entry/EntryChangeAdultController.php | 2 +- src/Controller/Entry/EntryChangeMagazineController.php | 2 +- src/Controller/Entry/EntryDeleteController.php | 6 +++--- src/Controller/Entry/EntryPinController.php | 2 +- src/Controller/FavouriteController.php | 2 +- src/Controller/Magazine/MagazineBlockController.php | 4 ++-- src/Controller/Magazine/MagazineDeleteController.php | 8 ++++---- .../Magazine/MagazineModeratorRequestController.php | 2 +- .../Magazine/MagazineOwnershipRequestController.php | 4 ++-- .../Magazine/MagazineRemoveSubscriptionsController.php | 2 +- src/Controller/Magazine/MagazineSubController.php | 4 ++-- src/Controller/Magazine/Panel/MagazineBadgeController.php | 2 +- src/Controller/Magazine/Panel/MagazineBanController.php | 2 +- .../Magazine/Panel/MagazineModeratorController.php | 2 +- .../Panel/MagazineModeratorRequestsController.php | 4 ++-- .../Magazine/Panel/MagazineReportController.php | 4 ++-- .../Post/Comment/PostCommentChangeAdultController.php | 2 +- .../Post/Comment/PostCommentDeleteController.php | 6 +++--- src/Controller/Post/PostChangeAdultController.php | 2 +- src/Controller/Post/PostChangeMagazineController.php | 2 +- src/Controller/Post/PostDeleteController.php | 6 +++--- src/Controller/Post/PostPinController.php | 2 +- src/Controller/Tag/TagBanController.php | 4 ++-- src/Controller/User/Profile/User2FAController.php | 4 ++-- .../User/Profile/UserNotificationController.php | 4 ++-- 
src/Controller/User/Profile/UserVerifyController.php | 2 +- src/Controller/User/UserBanController.php | 4 ++-- src/Controller/User/UserBlockController.php | 4 ++-- src/Controller/User/UserDeleteController.php | 6 +++--- src/Controller/User/UserFollowController.php | 4 ++-- src/Controller/User/UserRemoveFollowing.php | 2 +- src/Controller/User/UserSuspendController.php | 4 ++-- src/Controller/VoteController.php | 2 +- templates/components/favourite.html.twig | 4 ++-- templates/components/vote.html.twig | 4 ++-- 42 files changed, 72 insertions(+), 72 deletions(-) diff --git a/src/Controller/Admin/AdminMagazineOwnershipRequestController.php b/src/Controller/Admin/AdminMagazineOwnershipRequestController.php index bdb856476..eb5541f91 100644 --- a/src/Controller/Admin/AdminMagazineOwnershipRequestController.php +++ b/src/Controller/Admin/AdminMagazineOwnershipRequestController.php @@ -32,7 +32,7 @@ public function requests(Request $request): Response #[IsGranted('ROLE_ADMIN')] public function accept(Magazine $magazine, User $user, Request $request): Response { - $this->validateCsrf('admin_magazine_ownership_requests_accept', $request->request->get('token')); + $this->validateCsrf('admin_magazine_ownership_requests_accept', $request->getPayload()->get('token')); $this->manager->acceptOwnershipRequest($magazine, $user, $this->getUserOrThrow()); @@ -42,7 +42,7 @@ public function accept(Magazine $magazine, User $user, Request $request): Respon #[IsGranted('ROLE_ADMIN')] public function reject(Magazine $magazine, User $user, Request $request): Response { - $this->validateCsrf('admin_magazine_ownership_requests_reject', $request->request->get('token')); + $this->validateCsrf('admin_magazine_ownership_requests_reject', $request->getPayload()->get('token')); $this->manager->toggleOwnershipRequest($magazine, $user); diff --git a/src/Controller/Admin/AdminModeratorController.php b/src/Controller/Admin/AdminModeratorController.php index 1cb61b225..334268785 100644 
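Review bot: Switching from `$request->request->get('token')` to `$request->getPayload()->get('token')` in accept() and reject() — and in every other hunk of this patch — is a behavioural change rather than a rename: the token is now also read from a JSON request body, and, if I recall Symfony's implementation correctly, a non-empty body that is neither form data nor valid JSON makes getPayload() throw a JsonException (a 400) before validateCsrf() runs. Neither effect is mentioned in the commit message, which only talks about naming; a sentence such as `Read the CSRF token via getPayload() so JSON-submitted forms are accepted; the token is still body-only and never taken from the query string.` would record the intent. A missing `token` key still yields null here, so validateCsrf()'s handling of null (not visible in this patch) is what guarantees a rejection — worth one test per endpoint family rather than relying on each controller.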
--- a/src/Controller/Admin/AdminModeratorController.php +++ b/src/Controller/Admin/AdminModeratorController.php @@ -49,7 +49,7 @@ public function moderators(Request $request): Response #[IsGranted('ROLE_ADMIN')] public function removeModerator(User $user, Request $request): Response { - $this->validateCsrf('remove_moderator', $request->request->get('token')); + $this->validateCsrf('remove_moderator', $request->getPayload()->get('token')); $this->manager->removeModerator($user); diff --git a/src/Controller/BoostController.php b/src/Controller/BoostController.php index db02d21da..582829cc5 100644 --- a/src/Controller/BoostController.php +++ b/src/Controller/BoostController.php @@ -23,7 +23,7 @@ public function __construct( #[IsGranted('ROLE_USER')] public function __invoke(VotableInterface $subject, Request $request): Response { - $this->validateCsrf('boost', $request->request->get('token')); + $this->validateCsrf('boost', $request->getPayload()->get('token')); $this->manager->vote(VotableInterface::VOTE_UP, $subject, $this->getUserOrThrow()); diff --git a/src/Controller/Domain/DomainBlockController.php b/src/Controller/Domain/DomainBlockController.php index d56e9c41f..35e50b477 100644 --- a/src/Controller/Domain/DomainBlockController.php +++ b/src/Controller/Domain/DomainBlockController.php @@ -22,7 +22,7 @@ public function __construct( #[IsGranted('ROLE_USER')] public function block(Domain $domain, Request $request): Response { - $this->validateCsrf('block', $request->request->get('token')); + $this->validateCsrf('block', $request->getPayload()->get('token')); $this->manager->block($domain, $this->getUserOrThrow()); 
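Review bot: The token id `'block'` kept in DomainBlockController::block() (and in unblock() in the next hunk) is the same literal used by MagazineBlockController and UserBlockController later in this patch, just as `'subscribe'` is shared by DomainSubController and MagazineSubController, `'change_adult'` by four controllers and `'remove_moderator'` by the admin and panel moderator controllers; given the commit title "Make CSRF tokens better named", these generic ids look like the ones it meant to address. A CSRF token id scopes a token to one intent, so when several actions share an id a token issued for one form is accepted by all of them — not a CSRF bypass, but it weakens the per-action binding and makes the ids ambiguous in templates and logs. A per-controller prefix fixes both, e.g. `$this->validateCsrf('domain_block', $request->getPayload()->get('token'));` here, with the matching `csrf_token('domain_block')` in the template.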
@@ -36,7 +36,7 @@ public function block(Domain $domain, Request $request): Response #[IsGranted('ROLE_USER')] public function unblock(Domain $domain, Request $request): Response { - $this->validateCsrf('block', $request->request->get('token')); + $this->validateCsrf('block', $request->getPayload()->get('token')); $this->manager->unblock($domain, $this->getUserOrThrow()); diff --git a/src/Controller/Domain/DomainSubController.php b/src/Controller/Domain/DomainSubController.php index 694d524ef..18107f5b2 100644 --- a/src/Controller/Domain/DomainSubController.php +++ b/src/Controller/Domain/DomainSubController.php @@ -22,7 +22,7 @@ public function __construct( #[IsGranted('ROLE_USER')] public function subscribe(Domain $domain, Request $request): Response { - $this->validateCsrf('subscribe', $request->request->get('token')); + $this->validateCsrf('subscribe', $request->getPayload()->get('token')); $this->manager->subscribe($domain, $this->getUserOrThrow()); @@ -36,7 +36,7 @@ public function subscribe(Domain $domain, Request $request): Response #[IsGranted('ROLE_USER')] public function unsubscribe(Domain $domain, Request $request): Response { - $this->validateCsrf('subscribe', $request->request->get('token')); + $this->validateCsrf('subscribe', $request->getPayload()->get('token')); $this->manager->unsubscribe($domain, $this->getUserOrThrow()); diff --git a/src/Controller/Entry/Comment/EntryCommentChangeAdultController.php b/src/Controller/Entry/Comment/EntryCommentChangeAdultController.php index dd0b3e231..70fd3bc5e 100644 --- a/src/Controller/Entry/Comment/EntryCommentChangeAdultController.php +++ b/src/Controller/Entry/Comment/EntryCommentChangeAdultController.php @@ -31,7 +31,7 @@ public function __invoke( EntryComment $comment, Request $request ): Response { - $this->validateCsrf('change_adult', $request->request->get('token')); + $this->validateCsrf('change_adult', $request->getPayload()->get('token')); $comment->isAdult = 'on' === $request->get('adult'); 
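Review bot: In EntryCommentChangeAdultController::__invoke() the token is now read strictly from the body via getPayload(), but the very next line still takes the flag with `$request->get('adult')`, which also consults route attributes and the query string; the same pairing appears in EntryChangeAdultController, PostCommentChangeAdultController and PostChangeAdultController, and the two change_magazine controllers read `$request->get('change_magazine')['new_magazine']` the same way. Those lines are untouched context here, but since this patch is already deciding where request data comes from, aligning them is cheap: `$comment->isAdult = 'on' === $request->getPayload()->get('adult');`. The `['new_magazine']` access would additionally want a null check, since a missing form field likely surfaces as a warning or TypeError downstream rather than a clean 400.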
diff --git a/src/Controller/Entry/Comment/EntryCommentDeleteController.php b/src/Controller/Entry/Comment/EntryCommentDeleteController.php index 514b59198..79ffceaeb 100644 --- a/src/Controller/Entry/Comment/EntryCommentDeleteController.php +++ b/src/Controller/Entry/Comment/EntryCommentDeleteController.php @@ -32,7 +32,7 @@ public function delete( EntryComment $comment, Request $request ): Response { - $this->validateCsrf('entry_comment_delete', $request->request->get('token')); + $this->validateCsrf('entry_comment_delete', $request->getPayload()->get('token')); $this->manager->delete($this->getUserOrThrow(), $comment); @@ -50,7 +50,7 @@ public function restore( EntryComment $comment, Request $request ): Response { - $this->validateCsrf('entry_comment_restore', $request->request->get('token')); + $this->validateCsrf('entry_comment_restore', $request->getPayload()->get('token')); $this->manager->restore($this->getUserOrThrow(), $comment); @@ -68,7 +68,7 @@ public function purge( EntryComment $comment, Request $request ): Response { - $this->validateCsrf('entry_comment_purge', $request->request->get('token')); + $this->validateCsrf('entry_comment_purge', $request->getPayload()->get('token')); $this->manager->purge($this->getUserOrThrow(), $comment); diff --git a/src/Controller/Entry/EntryChangeAdultController.php b/src/Controller/Entry/EntryChangeAdultController.php index 5c4e17e9e..1bec8a962 100644 --- a/src/Controller/Entry/EntryChangeAdultController.php +++ b/src/Controller/Entry/EntryChangeAdultController.php @@ -28,7 +28,7 @@ public function __invoke( Entry $entry, Request $request ): Response { - $this->validateCsrf('change_adult', $request->request->get('token')); + $this->validateCsrf('change_adult', $request->getPayload()->get('token')); $entry->isAdult = 'on' === $request->get('adult'); diff --git a/src/Controller/Entry/EntryChangeMagazineController.php b/src/Controller/Entry/EntryChangeMagazineController.php index 6ad9fa749..6807b215d 100644 
--- a/src/Controller/Entry/EntryChangeMagazineController.php +++ b/src/Controller/Entry/EntryChangeMagazineController.php @@ -30,7 +30,7 @@ public function __invoke( Entry $entry, Request $request ): Response { - $this->validateCsrf('change_magazine', $request->request->get('token')); + $this->validateCsrf('change_magazine', $request->getPayload()->get('token')); $newMagazine = $this->repository->findOneByName($request->get('change_magazine')['new_magazine']); diff --git a/src/Controller/Entry/EntryDeleteController.php b/src/Controller/Entry/EntryDeleteController.php index 9b674f781..45e852c9f 100644 --- a/src/Controller/Entry/EntryDeleteController.php +++ b/src/Controller/Entry/EntryDeleteController.php @@ -29,7 +29,7 @@ public function delete( Entry $entry, Request $request ): Response { - $this->validateCsrf('entry_delete', $request->request->get('token')); + $this->validateCsrf('entry_delete', $request->getPayload()->get('token')); $this->manager->delete($this->getUserOrThrow(), $entry); @@ -50,7 +50,7 @@ public function restore( Entry $entry, Request $request ): Response { - $this->validateCsrf('entry_restore', $request->request->get('token')); + $this->validateCsrf('entry_restore', $request->getPayload()->get('token')); $this->manager->restore($this->getUserOrThrow(), $entry); @@ -66,7 +66,7 @@ public function purge( Entry $entry, Request $request ): Response { - $this->validateCsrf('entry_purge', $request->request->get('token')); + $this->validateCsrf('entry_purge', $request->getPayload()->get('token')); $this->manager->purge($this->getUserOrThrow(), $entry); diff --git a/src/Controller/Entry/EntryPinController.php b/src/Controller/Entry/EntryPinController.php index 2710df542..05382df88 100644 --- a/src/Controller/Entry/EntryPinController.php +++ b/src/Controller/Entry/EntryPinController.php 
@@ -29,7 +29,7 @@ public function __invoke( Entry $entry, Request $request ): Response { - $this->validateCsrf('entry_pin', $request->request->get('token')); + $this->validateCsrf('entry_pin', $request->getPayload()->get('token')); $entry = $this->manager->pin($entry, $this->getUserOrThrow()); diff --git a/src/Controller/FavouriteController.php b/src/Controller/FavouriteController.php index 86acad0e4..28ba605a6 100644 --- a/src/Controller/FavouriteController.php +++ b/src/Controller/FavouriteController.php @@ -21,7 +21,7 @@ public function __construct(private readonly GenerateHtmlClassService $classServ #[IsGranted('ROLE_USER')] public function __invoke(FavouriteInterface $subject, Request $request, FavouriteManager $manager): Response { - $this->validateCsrf('favourite', $request->request->get('token')); + $this->validateCsrf('up_vote', $request->getPayload()->get('token')); $manager->toggle($this->getUserOrThrow(), $subject); diff --git a/src/Controller/Magazine/MagazineBlockController.php b/src/Controller/Magazine/MagazineBlockController.php index 51591ecb7..0d18e49fc 100644 --- a/src/Controller/Magazine/MagazineBlockController.php +++ b/src/Controller/Magazine/MagazineBlockController.php @@ -22,7 +22,7 @@ public function __construct(private readonly MagazineManager $manager) #[IsGranted('block', subject: 'magazine')] public function block(Magazine $magazine, Request $request): Response { - $this->validateCsrf('block', $request->request->get('token')); + $this->validateCsrf('block', $request->getPayload()->get('token')); $this->manager->block($magazine, $this->getUserOrThrow()); 
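Review bot: FavouriteController::__invoke() now validates against the id `'up_vote'` instead of `'favourite'`, which makes this the one hunk in the patch that changes a token id rather than how the token is read — and it changes it to the name of a different action. Presumably this matches an edit in templates/components/favourite.html.twig (listed in the diffstat but not shown here) so the favourite button can reuse the vote component's token; if so, a token issued for voting is now equally valid for favouriting and the id no longer describes the endpoint. Keeping `$this->validateCsrf('favourite', $request->getPayload()->get('token'));` and emitting `csrf_token('favourite')` in the template preserves the per-action binding; if sharing is deliberate, a one-line comment above this call saying so would stop the next reader from "fixing" it.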
@@ -37,7 +37,7 @@ public function block(Magazine $magazine, Request $request): Response #[IsGranted('block', subject: 'magazine')] public function unblock(Magazine $magazine, Request $request): Response { - $this->validateCsrf('block', $request->request->get('token')); + $this->validateCsrf('block', $request->getPayload()->get('token')); $this->manager->unblock($magazine, $this->getUserOrThrow()); diff --git a/src/Controller/Magazine/MagazineDeleteController.php b/src/Controller/Magazine/MagazineDeleteController.php index 9f6b2e638..9823e5494 100644 --- a/src/Controller/Magazine/MagazineDeleteController.php +++ b/src/Controller/Magazine/MagazineDeleteController.php @@ -21,7 +21,7 @@ public function __construct(private readonly MagazineManager $manager) #[IsGranted('delete', subject: 'magazine')] public function delete(Magazine $magazine, Request $request): Response { - $this->validateCsrf('magazine_delete', $request->request->get('token')); + $this->validateCsrf('magazine_delete', $request->getPayload()->get('token')); $this->manager->delete($magazine); @@ -32,7 +32,7 @@ public function delete(Magazine $magazine, Request $request): Response #[IsGranted('delete', subject: 'magazine')] public function restore(Magazine $magazine, Request $request): Response { - $this->validateCsrf('magazine_restore', $request->request->get('token')); + $this->validateCsrf('magazine_restore', $request->getPayload()->get('token')); $this->manager->restore($magazine); @@ -43,7 +43,7 @@ public function restore(Magazine $magazine, Request $request): Response #[IsGranted('purge', subject: 'magazine')] public function purge(Magazine $magazine, Request $request): Response { - $this->validateCsrf('magazine_purge', $request->request->get('token')); + $this->validateCsrf('magazine_purge', $request->getPayload()->get('token')); $this->manager->purge($magazine); 
@@ -54,7 +54,7 @@ public function purge(Magazine $magazine, Request $request): Response #[IsGranted('purge', subject: 'magazine')] public function purgeContent(Magazine $magazine, Request $request): Response { - $this->validateCsrf('magazine_purge_content', $request->request->get('token')); + $this->validateCsrf('magazine_purge_content', $request->getPayload()->get('token')); $this->manager->purge($magazine, true); diff --git a/src/Controller/Magazine/MagazineModeratorRequestController.php b/src/Controller/Magazine/MagazineModeratorRequestController.php index db0aaa5aa..2ede57d73 100644 --- a/src/Controller/Magazine/MagazineModeratorRequestController.php +++ b/src/Controller/Magazine/MagazineModeratorRequestController.php @@ -27,7 +27,7 @@ public function __invoke(Magazine $magazine, Request $request): Response throw new AccessDeniedException(); } - $this->validateCsrf('moderator_request', $request->request->get('token')); + $this->validateCsrf('moderator_request', $request->getPayload()->get('token')); $this->manager->toggleModeratorRequest($magazine, $this->getUserOrThrow()); diff --git a/src/Controller/Magazine/MagazineOwnershipRequestController.php b/src/Controller/Magazine/MagazineOwnershipRequestController.php index 37a712627..253778cdc 100644 --- a/src/Controller/Magazine/MagazineOwnershipRequestController.php +++ b/src/Controller/Magazine/MagazineOwnershipRequestController.php @@ -27,7 +27,7 @@ public function toggle(Magazine $magazine, Request $request): Response throw new AccessDeniedException(); } - $this->validateCsrf('magazine_ownership_request', $request->request->get('token')); + $this->validateCsrf('magazine_ownership_request', $request->getPayload()->get('token')); $this->manager->toggleOwnershipRequest($magazine, $this->getUserOrThrow()); 
@@ -37,7 +37,7 @@ public function toggle(Magazine $magazine, Request $request): Response #[IsGranted('ROLE_ADMIN')] public function accept(Magazine $magazine, Request $request): Response { - $this->validateCsrf('magazine_ownership_request', $request->request->get('token')); + $this->validateCsrf('magazine_ownership_request', $request->getPayload()->get('token')); $user = $this->getUserOrThrow(); $this->manager->acceptOwnershipRequest($magazine, $user, $user); diff --git a/src/Controller/Magazine/MagazineRemoveSubscriptionsController.php b/src/Controller/Magazine/MagazineRemoveSubscriptionsController.php index 050382012..6f37efb82 100644 --- a/src/Controller/Magazine/MagazineRemoveSubscriptionsController.php +++ b/src/Controller/Magazine/MagazineRemoveSubscriptionsController.php @@ -20,7 +20,7 @@ public function __construct(private readonly MagazineManager $manager) #[IsGranted('ROLE_ADMIN')] public function __invoke(Magazine $magazine, Request $request): Response { - $this->validateCsrf('magazine_remove_subscriptions', $request->request->get('token')); + $this->validateCsrf('magazine_remove_subscriptions', $request->getPayload()->get('token')); $this->manager->removeSubscriptions($magazine); diff --git a/src/Controller/Magazine/MagazineSubController.php b/src/Controller/Magazine/MagazineSubController.php index a4f457fa5..66ac93d1c 100644 --- a/src/Controller/Magazine/MagazineSubController.php +++ b/src/Controller/Magazine/MagazineSubController.php @@ -22,7 +22,7 @@ public function __construct(private readonly MagazineManager $manager) #[IsGranted('subscribe', subject: 'magazine')] public function subscribe(Magazine $magazine, Request $request): Response { - $this->validateCsrf('subscribe', $request->request->get('token')); + $this->validateCsrf('subscribe', $request->getPayload()->get('token')); $this->manager->subscribe($magazine, $this->getUserOrThrow()); 
@@ -37,7 +37,7 @@ public function subscribe(Magazine $magazine, Request $request): Response #[IsGranted('subscribe', subject: 'magazine')] public function unsubscribe(Magazine $magazine, Request $request): Response { - $this->validateCsrf('subscribe', $request->request->get('token')); + $this->validateCsrf('subscribe', $request->getPayload()->get('token')); $this->manager->unsubscribe($magazine, $this->getUserOrThrow()); diff --git a/src/Controller/Magazine/Panel/MagazineBadgeController.php b/src/Controller/Magazine/Panel/MagazineBadgeController.php index fbf4d0d91..d10fd8c55 100644 --- a/src/Controller/Magazine/Panel/MagazineBadgeController.php +++ b/src/Controller/Magazine/Panel/MagazineBadgeController.php @@ -61,7 +61,7 @@ public function remove( BadgeManager $manager, Request $request ): Response { - $this->validateCsrf('badge_remove', $request->request->get('token')); + $this->validateCsrf('badge_remove', $request->getPayload()->get('token')); $manager->delete($badge); diff --git a/src/Controller/Magazine/Panel/MagazineBanController.php b/src/Controller/Magazine/Panel/MagazineBanController.php index af20dcf98..9a03945d2 100644 --- a/src/Controller/Magazine/Panel/MagazineBanController.php +++ b/src/Controller/Magazine/Panel/MagazineBanController.php @@ -69,7 +69,7 @@ public function ban(Magazine $magazine, Request $request, ?User $user = null): R #[IsGranted('moderate', subject: 'magazine')] public function unban(Magazine $magazine, User $user, Request $request): Response { - $this->validateCsrf('magazine_unban', $request->request->get('token')); + $this->validateCsrf('magazine_unban', $request->getPayload()->get('token')); $this->manager->unban($magazine, $user); diff --git a/src/Controller/Magazine/Panel/MagazineModeratorController.php b/src/Controller/Magazine/Panel/MagazineModeratorController.php index 5e65020d2..513cbd731 100644 --- a/src/Controller/Magazine/Panel/MagazineModeratorController.php 
+++ b/src/Controller/Magazine/Panel/MagazineModeratorController.php @@ -59,7 +59,7 @@ public function remove( Moderator $moderator, Request $request ): Response { - $this->validateCsrf('remove_moderator', $request->request->get('token')); + $this->validateCsrf('remove_moderator', $request->getPayload()->get('token')); $this->manager->removeModerator($moderator, $this->getUser()); diff --git a/src/Controller/Magazine/Panel/MagazineModeratorRequestsController.php b/src/Controller/Magazine/Panel/MagazineModeratorRequestsController.php index aaee641a8..9fa7b1ad3 100644 --- a/src/Controller/Magazine/Panel/MagazineModeratorRequestsController.php +++ b/src/Controller/Magazine/Panel/MagazineModeratorRequestsController.php @@ -34,7 +34,7 @@ public function requests(Magazine $magazine, Request $request): Response #[IsGranted('edit', subject: 'magazine')] public function accept(Magazine $magazine, User $user, Request $request): Response { - $this->validateCsrf('magazine_panel_moderator_request_accept', $request->request->get('token')); + $this->validateCsrf('magazine_panel_moderator_request_accept', $request->getPayload()->get('token')); $this->manager->acceptModeratorRequest($magazine, $user, $this->getUserOrThrow()); @@ -45,7 +45,7 @@ public function accept(Magazine $magazine, User $user, Request $request): Respon #[IsGranted('edit', subject: 'magazine')] public function reject(Magazine $magazine, User $user, Request $request): Response { - $this->validateCsrf('magazine_panel_moderator_request_reject', $request->request->get('token')); + $this->validateCsrf('magazine_panel_moderator_request_reject', $request->getPayload()->get('token')); $this->manager->toggleModeratorRequest($magazine, $user); diff --git a/src/Controller/Magazine/Panel/MagazineReportController.php b/src/Controller/Magazine/Panel/MagazineReportController.php index cfc0fbdea..33dae7b33 100644 --- a/src/Controller/Magazine/Panel/MagazineReportController.php 
+++ b/src/Controller/Magazine/Panel/MagazineReportController.php @@ -49,7 +49,7 @@ public function reportApprove( Report $report, Request $request ): Response { - $this->validateCsrf('report_approve', $request->request->get('token')); + $this->validateCsrf('report_approve', $request->getPayload()->get('token')); $this->reportManager->accept($report, $this->getUserOrThrow()); @@ -65,7 +65,7 @@ public function reportReject( Report $report, Request $request ): Response { - $this->validateCsrf('report_decline', $request->request->get('token')); + $this->validateCsrf('report_decline', $request->getPayload()->get('token')); $this->reportManager->reject($report, $this->getUserOrThrow()); diff --git a/src/Controller/Post/Comment/PostCommentChangeAdultController.php b/src/Controller/Post/Comment/PostCommentChangeAdultController.php index 71e7e38e6..e70ff4f64 100644 --- a/src/Controller/Post/Comment/PostCommentChangeAdultController.php +++ b/src/Controller/Post/Comment/PostCommentChangeAdultController.php @@ -31,7 +31,7 @@ public function __invoke( PostComment $comment, Request $request ): Response { - $this->validateCsrf('change_adult', $request->request->get('token')); + $this->validateCsrf('change_adult', $request->getPayload()->get('token')); $comment->isAdult = 'on' === $request->get('adult'); diff --git a/src/Controller/Post/Comment/PostCommentDeleteController.php b/src/Controller/Post/Comment/PostCommentDeleteController.php index 84c43d634..9b61f746a 100644 --- a/src/Controller/Post/Comment/PostCommentDeleteController.php +++ b/src/Controller/Post/Comment/PostCommentDeleteController.php @@ -28,7 +28,7 @@ public function delete( PostComment $comment, Request $request ): Response { - $this->validateCsrf('post_comment_delete', $request->request->get('token')); + $this->validateCsrf('post_comment_delete', $request->getPayload()->get('token')); $this->manager->delete($this->getUserOrThrow(), $comment); 
@@ -44,7 +44,7 @@ public function restore( PostComment $comment, Request $request ): Response { - $this->validateCsrf('post_comment_restore', $request->request->get('token')); + $this->validateCsrf('post_comment_restore', $request->getPayload()->get('token')); $this->manager->restore($this->getUserOrThrow(), $comment); @@ -60,7 +60,7 @@ public function purge( PostComment $comment, Request $request ): Response { - $this->validateCsrf('post_comment_purge', $request->request->get('token')); + $this->validateCsrf('post_comment_purge', $request->getPayload()->get('token')); $this->manager->purge($this->getUserOrThrow(), $comment); diff --git a/src/Controller/Post/PostChangeAdultController.php b/src/Controller/Post/PostChangeAdultController.php index 1875ae1be..12b491ba1 100644 --- a/src/Controller/Post/PostChangeAdultController.php +++ b/src/Controller/Post/PostChangeAdultController.php @@ -27,7 +27,7 @@ public function __invoke( Post $post, Request $request ): Response { - $this->validateCsrf('change_adult', $request->request->get('token')); + $this->validateCsrf('change_adult', $request->getPayload()->get('token')); $post->isAdult = 'on' === $request->get('adult'); diff --git a/src/Controller/Post/PostChangeMagazineController.php b/src/Controller/Post/PostChangeMagazineController.php index 3dec783fc..674e04e95 100644 --- a/src/Controller/Post/PostChangeMagazineController.php +++ b/src/Controller/Post/PostChangeMagazineController.php @@ -30,7 +30,7 @@ public function __invoke( Post $post, Request $request ): Response { - $this->validateCsrf('change_magazine', $request->request->get('token')); + $this->validateCsrf('change_magazine', $request->getPayload()->get('token')); $newMagazine = $this->repository->findOneByName($request->get('change_magazine')['new_magazine']); diff --git a/src/Controller/Post/PostDeleteController.php b/src/Controller/Post/PostDeleteController.php index d238d8042..b2f6d0055 100644 --- a/src/Controller/Post/PostDeleteController.php 
+++ b/src/Controller/Post/PostDeleteController.php @@ -28,7 +28,7 @@ public function delete( Post $post, Request $request ): Response { - $this->validateCsrf('post_delete', $request->request->get('token')); + $this->validateCsrf('post_delete', $request->getPayload()->get('token')); $this->manager->delete($this->getUserOrThrow(), $post); @@ -44,7 +44,7 @@ public function restore( Post $post, Request $request ): Response { - $this->validateCsrf('post_restore', $request->request->get('token')); + $this->validateCsrf('post_restore', $request->getPayload()->get('token')); $this->manager->restore($this->getUserOrThrow(), $post); @@ -60,7 +60,7 @@ public function purge( Post $post, Request $request ): Response { - $this->validateCsrf('post_purge', $request->request->get('token')); + $this->validateCsrf('post_purge', $request->getPayload()->get('token')); $this->manager->purge($this->getUserOrThrow(), $post); diff --git a/src/Controller/Post/PostPinController.php b/src/Controller/Post/PostPinController.php index 03d8b2fbe..dc0f18c15 100644 --- a/src/Controller/Post/PostPinController.php +++ b/src/Controller/Post/PostPinController.php @@ -29,7 +29,7 @@ public function __invoke( Post $post, Request $request ): Response { - $this->validateCsrf('post_pin', $request->request->get('token')); + $this->validateCsrf('post_pin', $request->getPayload()->get('token')); $entry = $this->manager->pin($post); diff --git a/src/Controller/Tag/TagBanController.php b/src/Controller/Tag/TagBanController.php index b6cad5814..688f3a73b 100644 --- a/src/Controller/Tag/TagBanController.php +++ b/src/Controller/Tag/TagBanController.php @@ -22,7 +22,7 @@ public function __construct( #[IsGranted('ROLE_ADMIN')] public function ban(string $name, Request $request): Response { - $this->validateCsrf('ban', $request->request->get('token')); + $this->validateCsrf('ban', $request->getPayload()->get('token')); $hashtag = $this->tagRepository->findOneBy(['tag' => $name]); if (null === $hashtag) { 
@@ -36,7 +36,7 @@ public function ban(string $name, Request $request): Response #[IsGranted('ROLE_ADMIN')] public function unban(string $name, Request $request): Response { - $this->validateCsrf('ban', $request->request->get('token')); + $this->validateCsrf('ban', $request->getPayload()->get('token')); $hashtag = $this->tagRepository->findOneBy(['tag' => $name]); if ($hashtag) { diff --git a/src/Controller/User/Profile/User2FAController.php b/src/Controller/User/Profile/User2FAController.php index 03fbe4684..df639691a 100644 --- a/src/Controller/User/Profile/User2FAController.php +++ b/src/Controller/User/Profile/User2FAController.php @@ -101,7 +101,7 @@ public function enable(Request $request): Response #[IsGranted('ROLE_USER')] public function disable(Request $request): Response { - $this->validateCsrf('user_2fa_remove', $request->request->get('token')); + $this->validateCsrf('user_2fa_remove', $request->getPayload()->get('token')); $user = $this->getUserOrThrow(); if (!$user->isTotpAuthenticationEnabled()) { @@ -142,7 +142,7 @@ public function qrCode(Request $request): Response #[IsGranted('ROLE_ADMIN')] public function remove(User $user, Request $request): Response { - $this->validateCsrf('user_2fa_remove', $request->request->get('token')); + $this->validateCsrf('user_2fa_remove', $request->getPayload()->get('token')); $this->twoFactorManager->remove2FA($user); diff --git a/src/Controller/User/Profile/UserNotificationController.php b/src/Controller/User/Profile/UserNotificationController.php index b67ead9e0..162d56aa1 100644 --- a/src/Controller/User/Profile/UserNotificationController.php +++ b/src/Controller/User/Profile/UserNotificationController.php 
@@ -29,7 +29,7 @@ public function notifications(NotificationRepository $repository, Request $reque #[IsGranted('ROLE_USER')] public function read(NotificationManager $manager, Request $request): Response { - $this->validateCsrf('read_notifications', $request->request->get('token')); + $this->validateCsrf('read_notifications', $request->getPayload()->get('token')); $manager->markAllAsRead($this->getUserOrThrow()); @@ -39,7 +39,7 @@ public function read(NotificationManager $manager, Request $request): Response #[IsGranted('ROLE_USER')] public function clear(NotificationManager $manager, Request $request): Response { - $this->validateCsrf('clear_notifications', $request->request->get('token')); + $this->validateCsrf('clear_notifications', $request->getPayload()->get('token')); $manager->clear($this->getUserOrThrow()); diff --git a/src/Controller/User/Profile/UserVerifyController.php b/src/Controller/User/Profile/UserVerifyController.php index ecfb784a8..feb5aea19 100644 --- a/src/Controller/User/Profile/UserVerifyController.php +++ b/src/Controller/User/Profile/UserVerifyController.php @@ -22,7 +22,7 @@ public function __construct( #[IsGranted('ROLE_ADMIN')] public function __invoke(User $user, Request $request): Response { - $this->validateCsrf('user_verify', $request->request->get('token')); + $this->validateCsrf('user_verify', $request->getPayload()->get('token')); $this->manager->adminUserVerify($user); diff --git a/src/Controller/User/UserBanController.php b/src/Controller/User/UserBanController.php index ba3fd161e..8d071be90 100644 --- a/src/Controller/User/UserBanController.php +++ b/src/Controller/User/UserBanController.php 
@@ -18,7 +18,7 @@ class UserBanController extends AbstractController
#[IsGranted(new Expression('is_granted("ROLE_ADMIN") or is_granted("ROLE_MODERATOR")'))] public function ban(User $user, UserManager $manager, Request $request): Response {
- $this->validateCsrf('user_ban', $request->request->get('token'));
+ $this->validateCsrf('user_ban', $request->getPayload()->get('token'));
$manager->ban($user);
@@ -38,7 +38,7 @@ public function ban(User $user, UserManager $manager, Request $request): Respons
#[IsGranted(new Expression('is_granted("ROLE_ADMIN") or is_granted("ROLE_MODERATOR")'))] public function unban(User $user, UserManager $manager, Request $request): Response {
- $this->validateCsrf('user_ban', $request->request->get('token'));
+ $this->validateCsrf('user_ban', $request->getPayload()->get('token'));
$manager->unban($user);
diff --git a/src/Controller/User/UserBlockController.php b/src/Controller/User/UserBlockController.php
index 94396277a..482e5a514 100644
--- a/src/Controller/User/UserBlockController.php
+++ b/src/Controller/User/UserBlockController.php
@@ -17,7 +17,7 @@ class UserBlockController extends AbstractController
#[IsGranted('ROLE_USER')] public function block(User $blocked, UserManager $manager, Request $request): Response {
- $this->validateCsrf('block', $request->request->get('token'));
+ $this->validateCsrf('block', $request->getPayload()->get('token'));
$manager->block($this->getUserOrThrow(), $blocked);
@@ -31,7 +31,7 @@ public function block(User $blocked, UserManager $manager, Request $request): Re
#[IsGranted('ROLE_USER')] public function unblock(User $blocked, UserManager $manager, Request $request): Response {
- $this->validateCsrf('block', $request->request->get('token'));
+ $this->validateCsrf('block', $request->getPayload()->get('token'));
$manager->unblock($this->getUserOrThrow(), $blocked);
diff --git a/src/Controller/User/UserDeleteController.php b/src/Controller/User/UserDeleteController.php
index 8cc69dcf8..9467770ff 100644
--- a/src/Controller/User/UserDeleteController.php
+++ b/src/Controller/User/UserDeleteController.php
@@ -16,7 +16,7 @@ class UserDeleteController extends AbstractController
#[IsGranted('ROLE_ADMIN')] public function deleteAccount(User $user, UserManager $manager, Request $request): Response {
- $this->validateCsrf('user_delete_account', $request->request->get('token'));
+ $this->validateCsrf('user_delete_account', $request->getPayload()->get('token'));
$manager->delete($user);
@@ -26,7 +26,7 @@ public function deleteAccount(User $user, UserManager $manager, Request $request
#[IsGranted('ROLE_ADMIN')] public function scheduleDeleteAccount(User $user, UserManager $manager, Request $request): Response {
- $this->validateCsrf('schedule_user_delete_account', $request->request->get('token'));
+ $this->validateCsrf('schedule_user_delete_account', $request->getPayload()->get('token'));
$manager->deleteRequest($user, false);
@@ -36,7 +36,7 @@ public function scheduleDeleteAccount(User $user, UserManager $manager, Request
#[IsGranted('ROLE_ADMIN')] public function removeScheduleDeleteAccount(User $user, UserManager $manager, Request $request): Response {
- $this->validateCsrf('remove_schedule_user_delete_account', $request->request->get('token'));
+ $this->validateCsrf('remove_schedule_user_delete_account', $request->getPayload()->get('token'));
$manager->removeDeleteRequest($user);
diff --git a/src/Controller/User/UserFollowController.php b/src/Controller/User/UserFollowController.php
index ef9f4fd88..8a5f19bf1 100644
--- a/src/Controller/User/UserFollowController.php
+++ b/src/Controller/User/UserFollowController.php
@@ -18,7 +18,7 @@ class UserFollowController extends AbstractController
#[IsGranted('follow', subject: 'following')] public function follow(User $following, UserManager $manager, Request $request): Response {
- $this->validateCsrf('follow', $request->request->get('token'));
+ $this->validateCsrf('follow', $request->getPayload()->get('token'));
$manager->follow($this->getUserOrThrow(), $following);
@@ -33,7 +33,7 @@ public function follow(User $following, UserManager $manager, Request $request):
#[IsGranted('follow', subject: 'following')] public function unfollow(User $following, UserManager $manager, Request $request): Response {
- $this->validateCsrf('follow', $request->request->get('token'));
+ $this->validateCsrf('follow', $request->getPayload()->get('token'));
$manager->unfollow($this->getUserOrThrow(), $following);
diff --git a/src/Controller/User/UserRemoveFollowing.php b/src/Controller/User/UserRemoveFollowing.php
index dd6cafe0b..bc0cb9748 100644
--- a/src/Controller/User/UserRemoveFollowing.php
+++ b/src/Controller/User/UserRemoveFollowing.php
@@ -16,7 +16,7 @@ class UserRemoveFollowing extends AbstractController
#[IsGranted('ROLE_ADMIN')] public function __invoke(User $user, UserManager $manager, Request $request): Response {
- $this->validateCsrf('user_remove_following', $request->request->get('token'));
+ $this->validateCsrf('user_remove_following', $request->getPayload()->get('token'));
$manager->removeFollowing($user);
diff --git a/src/Controller/User/UserSuspendController.php b/src/Controller/User/UserSuspendController.php
index e9be231f6..d41b0fc5c 100644
--- a/src/Controller/User/UserSuspendController.php
+++ b/src/Controller/User/UserSuspendController.php
@@ -22,7 +22,7 @@ public function __construct(
#[IsGranted(new Expression('is_granted("ROLE_ADMIN") or is_granted("ROLE_MODERATOR")'))] public function suspend(User $user, Request $request): Response {
- $this->validateCsrf('user_suspend', $request->request->get('token'));
+ $this->validateCsrf('user_suspend', $request->getPayload()->get('token'));
$this->userManager->suspend($user);
@@ -34,7 +34,7 @@ public function suspend(User $user, Request $request): Response
#[IsGranted(new Expression('is_granted("ROLE_ADMIN") or is_granted("ROLE_MODERATOR")'))] public function unsuspend(User $user, Request $request): Response {
- $this->validateCsrf('user_suspend', $request->request->get('token'));
+ $this->validateCsrf('user_suspend', $request->getPayload()->get('token'));
$this->userManager->unsuspend($user);
diff --git a/src/Controller/VoteController.php b/src/Controller/VoteController.php
index 44aa61e62..f9b5c3635 100644
--- a/src/Controller/VoteController.php
+++ b/src/Controller/VoteController.php
@@ -30,7 +30,7 @@ public function __construct(
#[IsGranted('vote', subject: 'votable')] public function __invoke(VotableInterface $votable, int $choice, Request $request): Response {
- $this->validateCsrf('vote', $request->request->get('token'));
+ $this->validateCsrf('down_vote', $request->getPayload()->get('token'));
if (VotableInterface::VOTE_DOWN === $choice && DownvotesMode::Disabled === $this->settingsManager->getDownvotesMode()) { throw new BadRequestException('Downvotes are disabled!'); }
diff --git a/templates/components/favourite.html.twig b/templates/components/favourite.html.twig
index 4a7212935..bbe51501e 100644
--- a/templates/components/favourite.html.twig
+++ b/templates/components/favourite.html.twig
@@ -1,6 +1,6 @@
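Review bot: In `VoteController::__invoke` the renamed token id `'down_vote'` is validated for every `$choice`, and the `VotableInterface::VOTE_DOWN === $choice` test on the very next line shows that upvotes go through the same action, so the new name describes only one of the two directions. If the upvote button mints a different id (say `'up_vote'`), upvotes will now be rejected as bad CSRF tokens; if both buttons mint `'down_vote'`, the name is simply misleading — the `vote.html.twig` hunks on this page are too garbled to tell which. Either keep a direction-neutral id or derive it from the choice, `$this->validateCsrf(VotableInterface::VOTE_DOWN === $choice ? 'down_vote' : 'up_vote', $request->getPayload()->get('token'));`, with the template's `csrf_token()` ids matched to it. The order is otherwise right: the token is checked before the downvotes-disabled branch, so a forged request cannot probe that setting. The body of `__invoke` continues outside the hunk.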
- + -
\ No newline at end of file + diff --git a/templates/components/vote.html.twig b/templates/components/vote.html.twig index dbda8eb23..c56aba7be 100644 --- a/templates/components/vote.html.twig +++ b/templates/components/vote.html.twig @@ -33,7 +33,7 @@ data-action="subject#vote"> {{ subject.apLikeCount ?? subject.favouriteCount }} - + {% set downvoteMode = mbin_downvotes_mode() %} {% if showDownvote and downvoteMode is not same as DOWNVOTES_DISABLED %} @@ -51,7 +51,7 @@ {% endif %} - + {% endif %}