[Admin] Logout action should use POST method
dvesh3 committed Dec 9, 2021
1 parent 34ed0e0 commit 3088cec
Showing 3 changed files with 16 additions and 5 deletions.
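--- a/bundles/AdminBundle/Controller/Admin/LoginController.php
+++ b/bundles/AdminBundle/Controller/Admin/LoginController.php
@@ -145,7 +145,7 @@ public function csrfTokenAction(Request $request, CsrfProtectionHandler $csrfPro
 }
 
 /**
-* @Route("/logout", name="pimcore_admin_logout")
+* @Route("/logout", name="pimcore_admin_logout" , methods={"POST"})
 */
 public function logoutAction()
 {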
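Review bot: Limiting `pimcore_admin_logout` to POST in the `@Route` annotation only rules out link- and image-triggered logouts; a cross-site page can still submit a POST form, so the fix depends on the `csrfToken` field the templates now send actually being validated for this route. `logoutAction()` continues outside the hunk and no token check is visible here, so it is worth confirming the route is covered by the admin CSRF check rather than exempted, with a test that a tokenless POST does not end the session. I would also record the intent in the docblock, e.g. `* Logout must be a POST carrying a valid csrfToken.`, and drop the stray space before the comma in `name="pimcore_admin_logout" , methods={"POST"}`.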
12 changes: 9 additions & 3 deletions bundles/AdminBundle/Resources/views/Admin/Index/index.html.twig
@@ -145,9 +145,15 @@
<div id="pimcore_avatar" style="display:none;">
<img src="{{ path('pimcore_admin_user_getimage') }}" data-menu-tooltip="{{ user.name }} | {{ 'my_profile'|trans([],'admin') }}"/>
</div>
<a id="pimcore_logout" data-menu-tooltip="{{ "logout"|trans([],'admin') }}" href="{{ path('pimcore_admin_logout') }}" style="display: none">
<img src="/bundles/pimcoreadmin/img/material-icons/outline-logout-24px.svg">
</a>
<form id="pimcore_logout_form" method="post" action="{{ path('pimcore_admin_logout') }}">
<input type="hidden" name="csrfToken" value="{{ pimcore_csrf.getCsrfToken() }}">
<a id="pimcore_logout" data-menu-tooltip="{{ "logout"|trans([],'admin') }}"
href="#" onclick="document.getElementById('pimcore_logout_form').submit();" style="display: none">
<img src="/bundles/pimcoreadmin/img/material-icons/outline-logout-24px.svg">
</a>
</form>
<div id="pimcore_signet" data-menu-tooltip="Pimcore Platform ({{ settings.version }}|{{ settings.build }})" style="text-indent: -10000px">
BE RESPECTFUL AND HONOR OUR WORK FOR FREE & OPEN SOURCE SOFTWARE BY NOT REMOVING OUR LOGO.
WE OFFER YOU THE POSSIBILITY TO ADDITIONALLY ADD YOUR OWN LOGO IN PIMCORE'S SYSTEM SETTINGS. THANK YOU!
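Review bot: The logout control is still an `<a href="#">` that submits `pimcore_logout_form` from an inline `onclick`, which does nothing when scripting is unavailable and is refused under a Content-Security-Policy that disallows inline handlers. A real submit control inside the form avoids both, e.g. `<button type="submit" id="pimcore_logout" data-menu-tooltip="{{ "logout"|trans([],'admin') }}" style="display: none">` around the existing `<img>`; whether other admin scripts or styles expect `#pimcore_logout` to be an anchor is not visible here and should be checked. The same pattern is added for the 'Back to Login' link in the later hunk (`@@ -18,7 +18,12 @@`), where a plain `<button type="submit">` would serve.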
@@ -18,7 +18,12 @@
<button type="submit">{{ 'Login'|trans([],'admin') }}</button>
</form>

<a href="{{ path('pimcore_admin_logout') }}">{{ 'Back to Login'|trans([],'admin') }}</a>
<form id="pimcore_logout_form" method="post" action="{{ path('pimcore_admin_logout') }}">
<input type="hidden" name="csrfToken" value="{{ pimcore_csrf.getCsrfToken() }}">
<a href="#" onclick="document.getElementById('pimcore_logout_form').submit();">{{ 'Back to Login'|trans([],'admin') }}</a>
</form>



{{ pimcore_breach_attack_random_content() }}
{% endblock %}
