mirror of
https://github.com/slawkens/myaac.git
synced 2025-10-20 20:43:26 +02:00
CSRF Protection (#235)
* Fix alert class name
* feature: csrf protection
* Cosmetics
* Fix token generate
* Admin Panel: changelogs csrf protection
* news/id route
* Refactor admin newses + add csrf
* Use admin.links instead
* Admin panel: Pages csrf
* Menus: better csrf + add success message on reset colors
* Plugins csrf
* Move definitions
* add info function, same as note($message)
* Update mailer.php
* Fix new page/news links
* clear_cache & maintenance csrf
* Formatting
* Fix news type
* Fix changelog link
* Add new changelog link
* More info to confirm dialog
* This is always true
@@ -61,6 +61,7 @@
|
||||
<tr>
|
||||
<td style="border:0;">
|
||||
<form action="{{ guild.link }}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.view.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
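Review bot: The form posting to `{{ guild.link }}` contains only the view button from `buttons.view.html.twig`, so it looks like read-only navigation sent as POST. If the guild page changes no state, consider `method="get"` with no token (a token should never end up in a GET URL). If it stays POST, the handler behind `guild.link` must reject requests without a valid token, and that check is not visible in these lines.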
@@ -82,11 +83,10 @@
|
||||
<td>
|
||||
<table border="0" cellpadding="0" cellspacing="0" width="100%">
|
||||
<form action="?subtopic=guilds&action=create" method="post">
|
||||
<form action="?subtopic=guilds&action=create" method="post">
|
||||
{% set button_name = 'Found Guild' %}
|
||||
{% set button_image = '_sbutton_foundguild' %}
|
||||
{% include('buttons.base.html.twig') %}
|
||||
</form>
|
||||
{{ csrf() }}
|
||||
{% set button_name = 'Found Guild' %}
|
||||
{% set button_image = '_sbutton_foundguild' %}
|
||||
{% include('buttons.base.html.twig') %}
|
||||
</form>
|
||||
</table>
|
||||
</td>
|
||||
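Review bot: The `<form action="?subtopic=guilds&action=create" method="post">` is still a direct child of `<table border="0" ...>`, which is invalid HTML, so the hidden field emitted by `{{ csrf() }}` depends on the browser's parser error recovery to stay associated with that form. Since this hunk already rewrites the form block, move the `<form>` so it wraps the table or sits inside a `<td>`, so the token is reliably submitted with the button.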
@@ -128,6 +128,7 @@
|
||||
{% if logged %}
|
||||
No guild found that suits your needs?
|
||||
<form action="?subtopic=guilds&action=create" method="post">
|
||||
{{ csrf() }}
|
||||
{% set button_name = 'Found Guild' %}
|
||||
{% set button_image = '_sbutton_foundguild' %}
|
||||
{% include('buttons.base.html.twig') %}
|
||||
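Review bot: This "Found Guild" form under `{% if logged %}` is a second copy of the one changed in the hunk at line 83 (same action, `button_name` and `button_image`), and the token had to be added to each copy by hand. Consider moving the form, including `{{ csrf() }}`, into one partial that both places include, so a later copy cannot be added without the token.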
@@ -136,6 +137,7 @@
|
||||
<b>Before you can create a guild you must login.</b>
|
||||
<br/>
|
||||
<form action="?subtopic=accountmanagement&redirect={{ getLink('guilds') }}" method="post">
|
||||
{{ csrf() }}
|
||||
{% include('buttons.login.html.twig') %}
|
||||
</form>
|
||||
{% endif %}
|
||||
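Review bot: The login form posting to `?subtopic=accountmanagement&redirect=...` now carries a token that is issued before the user is authenticated. Please confirm, in code not shown in this hunk, that the token is tied to the visitor's session and regenerated once login succeeds, so a token obtained on the anonymous session is not accepted afterwards. A short comment or doc note on when `csrf()` tokens rotate would help future template authors.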