diff options
| author | Jérémy Benoist <j0k3r@users.noreply.github.com> | 2019-01-03 09:14:26 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-03 09:14:26 +0100 |
| commit | 2378fd6347dd1a824c8e1f4f7c3892c6eccddc85 (patch) | |
| tree | cd039dc92f7a7a0dde5c6ca7484b8a9eefc359ca /src/Wallabag/ApiBundle/Controller/TagRestController.php | |
| parent | 4d0c632c70ea50d459c3c55ddda2e0f394dd51cb (diff) | |
| parent | 6c40d7fc85b98e335adf765d1c6b4465647da62c (diff) | |
| download | wallabag-2378fd6347dd1a824c8e1f4f7c3892c6eccddc85.tar.gz wallabag-2378fd6347dd1a824c8e1f4f7c3892c6eccddc85.tar.zst wallabag-2378fd6347dd1a824c8e1f4f7c3892c6eccddc85.zip | |
Merge pull request #3823 from wallabag/fix-tag-api-leak
Fix tag API leak
Diffstat (limited to 'src/Wallabag/ApiBundle/Controller/TagRestController.php')
| -rw-r--r-- | src/Wallabag/ApiBundle/Controller/TagRestController.php | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/Wallabag/ApiBundle/Controller/TagRestController.php b/src/Wallabag/ApiBundle/Controller/TagRestController.php index c6d6df6a..f3498f55 100644 --- a/src/Wallabag/ApiBundle/Controller/TagRestController.php +++ b/src/Wallabag/ApiBundle/Controller/TagRestController.php | |||
| @@ -46,12 +46,14 @@ class TagRestController extends WallabagRestController | |||
| 46 | $this->validateAuthentication(); | 46 | $this->validateAuthentication(); |
| 47 | $label = $request->get('tag', ''); | 47 | $label = $request->get('tag', ''); |
| 48 | 48 | ||
| 49 | $tag = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($label); | 49 | $tags = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findByLabelsAndUser([$label], $this->getUser()->getId()); |
| 50 | 50 | ||
| 51 | if (empty($tag)) { | 51 | if (empty($tags)) { |
| 52 | throw $this->createNotFoundException('Tag not found'); | 52 | throw $this->createNotFoundException('Tag not found'); |
| 53 | } | 53 | } |
| 54 | 54 | ||
| 55 | $tag = $tags[0]; | ||
| 56 | |||
| 55 | $this->getDoctrine() | 57 | $this->getDoctrine() |
| 56 | ->getRepository('WallabagCoreBundle:Entry') | 58 | ->getRepository('WallabagCoreBundle:Entry') |
| 57 | ->removeTag($this->getUser()->getId(), $tag); | 59 | ->removeTag($this->getUser()->getId(), $tag); |
| @@ -80,15 +82,7 @@ class TagRestController extends WallabagRestController | |||
| 80 | 82 | ||
| 81 | $tagsLabels = $request->get('tags', ''); | 83 | $tagsLabels = $request->get('tags', ''); |
| 82 | 84 | ||
| 83 | $tags = []; | 85 | $tags = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findByLabelsAndUser(explode(',', $tagsLabels), $this->getUser()->getId()); |
| 84 | |||
| 85 | foreach (explode(',', $tagsLabels) as $tagLabel) { | ||
| 86 | $tagEntity = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($tagLabel); | ||
| 87 | |||
| 88 | if (!empty($tagEntity)) { | ||
| 89 | $tags[] = $tagEntity; | ||
| 90 | } | ||
| 91 | } | ||
| 92 | 86 | ||
| 93 | if (empty($tags)) { | 87 | if (empty($tags)) { |
| 94 | throw $this->createNotFoundException('Tags not found'); | 88 | throw $this->createNotFoundException('Tags not found'); |
| @@ -120,6 +114,12 @@ class TagRestController extends WallabagRestController | |||
| 120 | { | 114 | { |
| 121 | $this->validateAuthentication(); | 115 | $this->validateAuthentication(); |
| 122 | 116 | ||
| 117 | $tagFromDb = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findByLabelsAndUser([$tag->getLabel()], $this->getUser()->getId()); | ||
| 118 | |||
| 119 | if (empty($tagFromDb)) { | ||
| 120 | throw $this->createNotFoundException('Tag not found'); | ||
| 121 | } | ||
| 122 | |||
| 123 | $this->getDoctrine() | 123 | $this->getDoctrine() |
| 124 | ->getRepository('WallabagCoreBundle:Entry') | 124 | ->getRepository('WallabagCoreBundle:Entry') |
| 125 | ->removeTag($this->getUser()->getId(), $tag); | 125 | ->removeTag($this->getUser()->getId(), $tag); |