mirrors/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-02-17 03:05:19 +00:00
Code Issues Projects Releases Wiki Activity

Fix adding tag to entries from other people

Browse source 
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
This commit is contained in:
Jeremy Benoist 2023-02-07 21:18:06 +01:00
parent 784bc1393c
commit 242e3feac9
No known key found for this signature in database
GPG key ID: 7168D5DD29F38552
2 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/Wallabag/CoreBundle/Controller/TagController.php
View file

@ -17,7 +17,7 @@ use Wallabag\CoreBundle\Form\Type\RenameTagType;
class TagController extends Controller class TagController extends Controller
{ {
/** /**
* @Route("/new-tag/{entry}", requirements={"entry" = "\d+"}, name="new_tag") * @Route("/new-tag/{entry}", requirements={"entry" = "\d+"}, name="new_tag", methods={"POST"})
* *
* @return \Symfony\Component\HttpFoundation\Response * @return \Symfony\Component\HttpFoundation\Response
*/ */
@ -26,7 +26,17 @@ class TagController extends Controller
$form = $this->createForm(NewTagType::class, new Tag()); $form = $this->createForm(NewTagType::class, new Tag());
$form->handleRequest($request); $form->handleRequest($request);
$tags = $form->get('label')->getData();
$tagsExploded = explode(',', $tags);
// avoid too much tag to be added
if (\count($tagsExploded) >= 5 || \strlen($tags) >= NewTagType::MAX_LENGTH) {
return $this->redirect($this->generateUrl('view', ['id' => $entry->getId()]));
}
if ($form->isSubmitted() && $form->isValid()) { if ($form->isSubmitted() && $form->isValid()) {
$this->checkUserAction($entry);
$this->get('wallabag_core.tags_assigner')->assignTagsToEntry( $this->get('wallabag_core.tags_assigner')->assignTagsToEntry(
$entry, $entry,
$form->get('label')->getData() $form->get('label')->getData()
@ -59,6 +69,8 @@ class TagController extends Controller
*/ */
public function removeTagFromEntry(Request $request, Entry $entry, Tag $tag) public function removeTagFromEntry(Request $request, Entry $entry, Tag $tag)
{ {
$this->checkUserAction($entry);
$entry->removeTag($tag); $entry->removeTag($tag);
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$em->flush(); $em->flush();
@ -222,4 +234,14 @@ class TagController extends Controller
return $this->redirect($this->get('wallabag_core.helper.redirect')->to($request->headers->get('referer'), '', true)); return $this->redirect($this->get('wallabag_core.helper.redirect')->to($request->headers->get('referer'), '', true));
} }
/**
* Check if the logged user can manage the given entry.
*/
private function checkUserAction(Entry $entry)
{
if (null === $this->getUser() || $this->getUser()->getId() !== $entry->getUser()->getId()) {
throw $this->createAccessDeniedException('You can not access this entry.');
}
}
} }

3
src/Wallabag/CoreBundle/Form/Type/NewTagType.php
View file

@ -10,6 +10,8 @@ use Symfony\Component\OptionsResolver\OptionsResolver;
class NewTagType extends AbstractType class NewTagType extends AbstractType
{ {
public const MAX_LENGTH = 40;
public function buildForm(FormBuilderInterface $builder, array $options) public function buildForm(FormBuilderInterface $builder, array $options)
{ {
$builder $builder
@ -17,6 +19,7 @@ class NewTagType extends AbstractType
'required' => true, 'required' => true,
'attr' => [ 'attr' => [
'placeholder' => 'tag.new.placeholder', 'placeholder' => 'tag.new.placeholder',
'max_length' => self::MAX_LENGTH,
], ],
]) ])
->add('add', SubmitType::class, [ ->add('add', SubmitType::class, [