authorTobias Hößl <tobias@hoessl.eu>2012-04-18 07:24:47 +0000
committerTobias Hößl <tobias@hoessl.eu>2012-04-18 07:24:47 +0000
commitd7e750ad74c8a43d54e9ca95631fa754831bf581 (patch)
tree5c17c9cdd679bc6ef8326b8aeab218ebba95afe0 /view/theme/diabook
parent1b6c84d8f453ff591451e3304547b239a3d86c5b (diff)
downloadvolse-hubzilla-d7e750ad74c8a43d54e9ca95631fa754831bf581.tar.gz
volse-hubzilla-d7e750ad74c8a43d54e9ca95631fa754831bf581.tar.bz2
volse-hubzilla-d7e750ad74c8a43d54e9ca95631fa754831bf581.zip
XSRF protection and PHPdoc for mod/admin.php
Diffstat (limited to 'view/theme/diabook')
-rw-r--r--view/theme/diabook/admin_users.tpl5
1 files changed, 3 insertions, 2 deletions
diff --git a/view/theme/diabook/admin_users.tpl b/view/theme/diabook/admin_users.tpl
index 40f94f5fe..b465dc1b0 100644
--- a/view/theme/diabook/admin_users.tpl
+++ b/view/theme/diabook/admin_users.tpl
@@ -14,6 +14,7 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/users" method="post">
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
<h3>$h_pending</h3>
{{ if $pending }}
@@ -72,8 +73,8 @@
<td class='login_date'>$u.page-flags</td>
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
<td class="tools" style="width:60px;">
- <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
- <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
+ <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
+ <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
</td>
</tr>
{{ endfor }}
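Review bot: The anti-CSRF token is appended to the block and delete links as `?t=$form_security_token`, so it ends up in browser history, server access logs and possibly Referer headers, and both state-changing actions still run on a plain GET. It appears to be the same `$form_security_token` value the first hunk puts into the POST form, so a leaked URL would presumably expose the token guarding the bulk form as well, unless the handler binds it to the action or expires it quickly; that is not visible here. Consider submitting these actions by POST from the enclosing form so the hidden field carries the token, e.g. `<button type="submit" formaction="$baseurl/admin/users/block/$u.uid">`, assuming the handler can accept POST on those routes. Separately, `confirm_delete('$u.name')` interpolates the user name into an inline script string on an admin page; unless the template layer escapes it for a JavaScript context, a name containing a quote ends the string early, so reading it from a `data-` attribute would be safer. The table row and the surrounding loop begin outside this hunk.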