CSRF Protection (#235)

* Fix alert class name

* feature: csrf protection

* Cosmetics

* Fix token generate

* Admin Panel: changelogs csrf protection

* news/id route

* Refactor admin newses + add csrf

* Use admin.links instead

* Admin panel: Pages csrf

* Menus: better csrf + add success message on reset colors

* Plugins csrf

* Move definitions

* add info function, same as note($message)

* Update mailer.php

* Fix new page/news links

* clear_cache & maintenance csrf

* Formatting

* Fix news type

* Fix changelog link

* Add new changelog link

* More info to confirm dialog

* This is always true
This commit is contained in:
Slawomir Boczek
2023-11-11 10:57:57 +01:00
committed by GitHub
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions

View File

@@ -61,6 +61,7 @@
<tr>
<td style="border:0;">
<form action="{{ guild.link }}" method="post">
{{ csrf() }}
{{ include('buttons.view.html.twig') }}
</form>
</td>
@@ -82,11 +83,10 @@
<td>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<form action="?subtopic=guilds&action=create" method="post">
<form action="?subtopic=guilds&action=create" method="post">
{% set button_name = 'Found Guild' %}
{% set button_image = '_sbutton_foundguild' %}
{% include('buttons.base.html.twig') %}
</form>
{{ csrf() }}
{% set button_name = 'Found Guild' %}
{% set button_image = '_sbutton_foundguild' %}
{% include('buttons.base.html.twig') %}
</form>
</table>
</td>
@@ -128,6 +128,7 @@
{% if logged %}
No guild found that suits your needs?
<form action="?subtopic=guilds&action=create" method="post">
{{ csrf() }}
{% set button_name = 'Found Guild' %}
{% set button_image = '_sbutton_foundguild' %}
{% include('buttons.base.html.twig') %}
@@ -136,6 +137,7 @@
<b>Before you can create a guild you must login.</b>
<br/>
<form action="?subtopic=accountmanagement&redirect={{ getLink('guilds') }}" method="post">
{{ csrf() }}
{% include('buttons.login.html.twig') %}
</form>
{% endif %}