diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index 5841f4da7b..acca1cfc0a 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -586,7 +586,7 @@ public function resetAction($type) /** * Delete account for current user. * - * @Route("/account/delete", name="delete_account") + * @Route("/account/delete", name="delete_account", methods={"POST"}) * * @throws AccessDeniedHttpException * @@ -594,6 +594,10 @@ public function resetAction($type) */ public function deleteAccountAction(Request $request) { + if (!$this->isCsrfTokenValid('delete-account', $request->request->get('token'))) { + throw $this->createAccessDeniedException('Bad CSRF token.'); + } + $enabledUsers = $this->get('wallabag_user.user_repository') ->getSumEnabledUsers(); diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig index 28ff364cbf..c55df53003 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig @@ -548,7 +548,7 @@ - +
{{ 'config.form_user.delete.description'|trans }}
- - {{ 'config.form_user.delete.button'|trans }} - +