Fix some CSRFs (#8000)

In two bookmark actions and one in `entryController`

Completes one TODO from #7923:

https://github.com/FreshRSS/FreshRSS/blob/de624dc8ce63ec819c61216d9d44f828841c293e/app/Controllers/entryController.php#L257

(a POST request is already sent in the frontend)

1 files changed, 8 insertions, 0 deletions

diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 993982184..50edbbff7 100644
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -443,6 +443,10 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 	 * Handles query deletion
 	 */
 	public function deleteQueryAction(): void {
+		if (!Minz_Request::isPost()) {
+			Minz_Error::error(403);
+			return;
+		}
 		$id = Minz_Request::paramInt('id');
 		if (Minz_Request::paramTernary('id') === null || empty(FreshRSS_Context::userConf()->queries[$id])) {
 			Minz_Error::error(404);
@@ -465,6 +469,10 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 	 * lean data.
 	 */
 	public function bookmarkQueryAction(): void {
+		if (!Minz_Request::isPost()) {
+			Minz_Error::error(403);
+			return;
+		}
 		$queries = [];
 		foreach (FreshRSS_Context::userConf()->queries as $key => $query) {
 			$queries[$key] = (new FreshRSS_UserQuery($query, FreshRSS_Context::categories(), FreshRSS_Context::labels()))->toArray();