dinel / metadiscourse-annotator


[Insight] A GET action should not modify an existing resource - in src/…/Controller/CorpusAdminController.php, line 317 #75

Closed dinel closed 6 years ago

dinel commented 6 years ago

in src/AppBundle/Controller/CorpusAdminController.php, line 317

The action AppBundle\Controller\CorpusAdminController::unpinTextAction modifies an existing resource even though it can only be called with the GET HTTP verb. Such an action should only accept the PUT, POST, DELETE, or PATCH methods to avoid accidental data modification.

    $pinnedText = $this->getDoctrine()
                    ->getRepository("AppBundle:PinnedText")
                    ->findBy(['corpusId' => $cid, 'userId' => $uid, 'textId' => $text]);
    if ($pinnedText) {
        $em = $this->getDoctrine()->getManager();
        $em->remove($pinnedText[0]);
        $em->flush();
        $em->clear();
    }

    return new JsonResponse("Success");

Posted from SensioLabsInsight
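The snippet above deletes a PinnedText row on a plain GET, so anything that follows the link without the user's intent (a browser prefetcher, a crawler, an `<img>` tag on a third-party page) removes data. The following is an added example of how the same action can be hardened in a Symfony controller; it is not code from the metadiscourse-annotator project. The route path, the `_token` / `X-CSRF-Token` parameter names, the token id `unpin_text`, the `requirements` and taking the user id from `$this->getUser()` are all assumptions made for the example.

```php
<?php
// Added example, not the project's code: a state-changing unpin action that
// only answers POST/DELETE and requires a CSRF token. Route path, token id,
// parameter names and the user lookup are assumptions for this example.

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class CorpusAdminController extends Controller
{
    /**
     * Unpin a text for the currently logged-in user.
     *
     * Restricting the route to POST/DELETE makes the router answer a GET with
     * 405 Method Not Allowed before this method ever runs, so prefetchers,
     * crawlers and bookmarked URLs can no longer delete rows.
     *
     * @Route("/corpus/{cid}/text/{text}/unpin", name="corpus_unpin_text",
     *        methods={"POST", "DELETE"},
     *        requirements={"cid"="\d+", "text"="\d+"})
     */
    public function unpinTextAction(Request $request, $cid, $text)
    {
        // A state change issued from a browser session must also prove it came
        // from our own page; otherwise a cross-site form POST would still be
        // honoured. Accept the token either as a form field or a header.
        $token = $request->request->get('_token', $request->headers->get('X-CSRF-Token'));
        if (!$this->isCsrfTokenValid('unpin_text', $token)) {
            return new JsonResponse(['error' => 'Invalid CSRF token'], Response::HTTP_FORBIDDEN);
        }

        // Take the user id from the authenticated session, not from the
        // request, so a caller cannot unpin texts on another user's behalf.
        $uid = $this->getUser()->getId();

        $pinnedText = $this->getDoctrine()
            ->getRepository('AppBundle:PinnedText')
            ->findOneBy([
                'corpusId' => $cid,
                'userId'   => $uid,
                'textId'   => $text,
            ]);

        if ($pinnedText) {
            $em = $this->getDoctrine()->getManager();
            $em->remove($pinnedText);
            $em->flush();
        }

        return new JsonResponse('Success');
    }
}
```

The template that renders the unpin control then submits a form (or an XHR with `DELETE`) carrying `{{ csrf_token('unpin_text') }}` instead of a bare hyperlink. The two checks are independent: the `methods` restriction stops accidental GET traffic, while the CSRF check stops deliberate cross-site POSTs, and dropping either one reopens a path to unintended deletion.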