CSRF Protection (#235)

* Fix alert class name

* feature: csrf protection

* Cosmetics

* Fix token generate

* Admin Panel: changelogs csrf protection

* news/id route

* Refactor admin newses + add csrf

* Use admin.links instead

* Admin panel: Pages csrf

* Menus: better csrf + add success message on reset colors

* Plugins csrf

* Move definitions

* add info function, same as note($message)

* Update mailer.php

* Fix new page/news links

* clear_cache & maintenance csrf

* Formatting

* Fix news type

* Fix changelog link

* Add new changelog link

* More info to confirm dialog

* This is always true
Slawomir Boczek
2023-11-11 10:57:57 +01:00
committed by GitHub
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions

@@ -19,13 +19,17 @@
<tr>
<td>
{% if plugin.enabled %}
<a href="?p=plugins&disable={{ plugin.file }}" class="btn btn-success" onclick="return confirm('Are you sure you want to disable plugin {{ plugin.name }}?');" title="Disable">
<i class="fas fa-check"></i> Enabled
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="disable" value="{{ plugin.file }}" />
<button type="submit" class="btn btn-success" onclick="return confirm('Are you sure you want to disable plugin {{ plugin.name }}?');" title="Disable"><i class="fas fa-check"></i> Enabled</button>
</form>
{% else %}
<a href="?p=plugins&enable={{ plugin.file }}" class="btn btn-danger" onclick="return confirm('Are you sure you want to enable plugin {{ plugin.name }}?');" title="Enable">
<i class="fas fa-ban"></i> Disabled
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="enable" value="{{ plugin.file }}" />
<button type="submit" class="btn btn-danger" onclick="return confirm('Are you sure you want to enable plugin {{ plugin.name }}?');" title="Enable"><i class="fas fa-ban"></i> Disabled</button>
</form>
{% endif %}
</td>
<td><b>{{ plugin.name }}</b><br>
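Review bot: please confirm the handler behind `?p=plugins` now reads `disable`/`enable` from the POST body and checks the token before acting; if it still honours the query-string parameters, the removed `<a href="?p=plugins&disable={{ plugin.file }}">` links stay live and the new `{{ csrf() }}` forms close nothing. Note also that `<form method="post">` carries no `action`, so it submits to the current URL including any query string, which is only safe if the handler ignores a stray `disable=`/`enable=` in the URL and trusts only the posted field.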
@@ -38,9 +42,11 @@
<td>{{ plugin.file }}.json</td>
<td>
{% if plugin.uninstall %}
<a href="?p=plugins&uninstall={{ plugin.file }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure you want to uninstall {{ plugin.name }}?');" title="Uninstall">
<i class="fas fa-trash"></i>
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="uninstall" value="{{ plugin.file }}" />
<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure you want to uninstall {{ plugin.name }}?');" title="Uninstall"><i class="fas fa-trash"></i></button>
</form>
{% endif %}
</td>
</tr>
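Review bot: `{{ plugin.name }}` is interpolated into a JavaScript string literal inside the `onclick` attribute (`confirm('Are you sure you want to uninstall {{ plugin.name }}?')`); HTML autoescaping alone does not keep a name containing a single quote from terminating that literal, because the browser decodes `&#039;` back to `'` before the handler is parsed. Consider `{{ plugin.name|e('js') }}` there, or move the message into a `data-` attribute read by a small script. The same applies to the enable/disable buttons in the hunk above.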