Fix: csrf

robertSt7 · dvesh3 · commit c7c7c54c641f · 2023-07-04T10:32:38.000+02:00
diff --git a/src/Controller/CartController.php b/src/Controller/CartController.php
@@ -27,6 +27,7 @@
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\Routing\Annotation\Route;
 
 class CartController extends FrontendController
@@ -105,15 +106,23 @@ public function cartListingAction(Request $request, BreadcrumbHelperService $bre
         $cart = $this->getCart();
 
         if ($request->getMethod() == Request::METHOD_POST) {
+            if (!$this->isCsrfTokenValid('cartListing', $request->get('_csrf_token'))) {
+                throw new AccessDeniedHttpException('Invalid request');
+            }
+
             $items = $request->get('items');
 
             foreach ($items as $itemKey => $quantity) {
+                if (!is_numeric($quantity)) {
+                    continue;
+                }
+
                 if ($cart->getItemCount() > 99) {
                     break;
                 }
                 $product = AbstractProduct::getById($itemKey);
                 if ($product instanceof CheckoutableInterface) {
-                    $cart->updateItem($itemKey, $product, $quantity, true);
+                    $cart->updateItem($itemKey, $product, floor($quantity), true);
                 }
             }
             $cart->save();
diff --git a/templates/cart/cart_listing.html.twig b/templates/cart/cart_listing.html.twig
@@ -63,6 +63,7 @@
                     <h4 class="mb-3">{{ 'cart.title' | trans }}</h4>
                     <div class="card shopping-cart">
                         <form method="post">
+                            <input type="hidden" name="_csrf_token" value="{{ csrf_token('cartListing') }}">
                             <div class="card-body">
 
                                 {% for item in cart.items %}
