"make homepage" route in routing auto tutorial is insecure

Question

"make homepage" route in routing auto tutorial is insecure

dantleech opened this issue 9 years ago · 4 comments

http://symfony.com/doc/current/cmf/tutorial/make-homepage.html

as on IRC:

 | A simple fix would be to change the root to                                    
 | - /admin/action/make_homepage/                                                 
 | then when firewalls are configured for the admin bundle they apply to that     
 | route also

Answer 1 · 2015-05-29T06:22:08.000Z

and also makeHomepageAction should only allow POST and not GET - if i see it correctly it does not specify the method currently.

Answer 2 · 2016-08-20T10:38:56.000Z

@dantleech did #763 fix this?

Answer 3 · 2016-08-20T13:16:43.000Z

No, but #777
would

On Sat, Aug 20, 2016 at 03:38:56AM -0700, David Buchmann wrote:

[1]@dantleech did [2]#763 fix this?

—
You are receiving this because you were mentioned.
Reply to this email directly, [3]view it on GitHub, or [4]mute the thread.

Reverse link: [5]unknown

References

Visible links

https://github.com/dantleech

#763

#680 (comment)

https://github.com/notifications/unsubscribe-auth/AAgZcSziQkxR_GdHa5AwzqfjCny_P2j2ks5qhtlAgaJpZM4EuoUI

#680 (comment)

Answer 4 · 2016-08-20T13:21:14.000Z

fixed in #777