authorfriendica <info@friendica.com>2012-03-13 14:36:52 -0700
committerfriendica <info@friendica.com>2012-03-13 14:36:52 -0700
commitacc4bbeb6ebc832da2a8b5a37b764a6a53dd1214 (patch)
tree018927c54c16f68aeae7153c81c404d3e9cbbc7d /view
parent5a4167646553e589cf9647c0e0d0446e3f5fd672 (diff)
parent59766b944c9ea3a45b1d7e8593f7bb5d4a0b8445 (diff)
downloadvolse-hubzilla-acc4bbeb6ebc832da2a8b5a37b764a6a53dd1214.tar.gz
volse-hubzilla-acc4bbeb6ebc832da2a8b5a37b764a6a53dd1214.tar.bz2
volse-hubzilla-acc4bbeb6ebc832da2a8b5a37b764a6a53dd1214.zip
Merge pull request #129 from CatoTH/master
CSRF-Protection and minor changes
Diffstat (limited to 'view')
-rwxr-xr-xview/cropbody.tpl1
-rwxr-xr-xview/profile_edit.tpl5
-rwxr-xr-xview/profile_listing_header.tpl2
-rwxr-xr-xview/profile_photo.tpl1
-rwxr-xr-xview/settings.tpl2
-rwxr-xr-xview/settings_addons.tpl1
-rwxr-xr-xview/settings_connectors.tpl1
-rwxr-xr-xview/settings_oauth.tpl5
-rwxr-xr-xview/settings_oauth_edit.tpl2
9 files changed, 14 insertions, 6 deletions
diff --git a/view/cropbody.tpl b/view/cropbody.tpl
index c9c0f84de..b484d15bf 100755
--- a/view/cropbody.tpl
+++ b/view/cropbody.tpl
@@ -40,6 +40,7 @@ $desc
</script>
<form action="profile_photo/$resource" id="crop-image-form" method="post" />
+<input type='hidden' name='form_security_token' value='$form_security_token'>
<input type="hidden" name="cropfinal" value="1" />
<input type="hidden" name="xstart" id="x1" />
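Review bot: The hidden token input on the added line uses single-quoted attributes (`name='form_security_token' value='$form_security_token'`) while every other attribute in this template, including the `<form>` and the `cropfinal` input beside it, is double-quoted; the same applies to the matching lines added in profile_edit.tpl, profile_photo.tpl, settings.tpl, settings_addons.tpl, settings_connectors.tpl, settings_oauth.tpl and settings_oauth_edit.tpl. Suggested form: `<input type="hidden" name="form_security_token" value="$form_security_token">`. As far as the template shows, the value is substituted without escaping, which is fine as long as the token is a server-generated opaque string (presumably the case), but if its format could ever include a quote the substitution should be HTML-escaped before insertion. The enclosing form continues outside the hunk.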
diff --git a/view/profile_edit.tpl b/view/profile_edit.tpl
index 8dab72649..e5c7162d0 100755
--- a/view/profile_edit.tpl
+++ b/view/profile_edit.tpl
@@ -5,9 +5,9 @@ $default
<div id="profile-edit-links">
<ul>
<li><a href="profile/$profile_id/view?tab=profile" id="profile-edit-view-link" title="$viewprof">$viewprof</a></li>
-<li><a href="profiles/clone/$profile_id" id="profile-edit-clone-link" title="$cr_prof">$cl_prof</a></li>
+<li><a href="$profile_clone_link" id="profile-edit-clone-link" title="$cr_prof">$cl_prof</a></li>
<li></li>
-<li><a href="profiles/drop/$profile_id" id="profile-edit-drop-link" title="$del_prof" $disabled >$del_prof</a></li>
+<li><a href="$profile_drop_link" id="profile-edit-drop-link" title="$del_prof" $disabled >$del_prof</a></li>
</ul>
</div>
@@ -17,6 +17,7 @@ $default
<div id="profile-edit-wrapper" >
<form id="profile-edit-form" name="form1" action="profiles/$profile_id" method="post" >
+<input type='hidden' name='form_security_token' value='$form_security_token'>
<div id="profile-edit-profile-name-wrapper" >
<label id="profile-edit-profile-name-label" for="profile-edit-profile-name" >$lbl_profname </label>
diff --git a/view/profile_listing_header.tpl b/view/profile_listing_header.tpl
index 09e4fc9b2..61a273792 100755
--- a/view/profile_listing_header.tpl
+++ b/view/profile_listing_header.tpl
@@ -3,6 +3,6 @@
<a href="profile_photo" >$chg_photo</a>
</p>
<div id="profile-listing-new-link-wrapper" class="button" >
-<a href="profiles/new" id="profile-listing-new-link" title="$cr_new" >$cr_new</a>
+<a href="$cr_new_link" id="profile-listing-new-link" title="$cr_new" >$cr_new</a>
</div>
diff --git a/view/profile_photo.tpl b/view/profile_photo.tpl
index f258b5b86..0b3a1cac1 100755
--- a/view/profile_photo.tpl
+++ b/view/profile_photo.tpl
@@ -1,6 +1,7 @@
<h1>$title</h1>
<form enctype="multipart/form-data" action="profile_photo" method="post">
+<input type='hidden' name='form_security_token' value='$form_security_token'>
<div id="profile-photo-upload-wrapper">
<label id="profile-photo-upload-label" for="profile-photo-upload">$lbl_upfile </label>
diff --git a/view/settings.tpl b/view/settings.tpl
index 46c737b23..25479b5bf 100755
--- a/view/settings.tpl
+++ b/view/settings.tpl
@@ -5,7 +5,7 @@ $tabs
$nickname_block
<form action="settings" id="settings-form" method="post" autocomplete="off" >
-
+<input type='hidden' name='form_security_token' value='$form_security_token'>
<h3 class="settings-heading">$h_pass</h3>
diff --git a/view/settings_addons.tpl b/view/settings_addons.tpl
index 2cbfd17e9..28fca5362 100755
--- a/view/settings_addons.tpl
+++ b/view/settings_addons.tpl
@@ -4,6 +4,7 @@ $tabs
<form action="settings/addon" method="post" autocomplete="off">
+<input type='hidden' name='form_security_token' value='$form_security_token'>
$settings_addons
diff --git a/view/settings_connectors.tpl b/view/settings_connectors.tpl
index 9493c8bf7..43c0346bb 100755
--- a/view/settings_connectors.tpl
+++ b/view/settings_connectors.tpl
@@ -6,6 +6,7 @@ $tabs
<div class="connector_statusmsg">$ostat_enabled</div>
<form action="settings/connectors" method="post" autocomplete="off">
+<input type='hidden' name='form_security_token' value='$form_security_token'>
$settings_connectors
diff --git a/view/settings_oauth.tpl b/view/settings_oauth.tpl
index 0de0dbe98..da1398ab9 100755
--- a/view/settings_oauth.tpl
+++ b/view/settings_oauth.tpl
@@ -4,7 +4,8 @@ $tabs
<form action="settings/oauth" method="post" autocomplete="off">
-
+<input type='hidden' name='form_security_token' value='$form_security_token'>
+
<div id="profile-edit-links">
<ul>
<li>
@@ -24,7 +25,7 @@ $tabs
{{ endif }}
{{ if $app.my }}
<a href="$baseurl/settings/oauth/edit/$app.client_id" class="icon s22 edit" title="$edit">&nbsp;</a>
- <a href="$baseurl/settings/oauth/delete/$app.client_id" class="icon s22 delete" title="$delete">&nbsp;</a>
+ <a href="$baseurl/settings/oauth/delete/$app.client_id?t=$form_security_token" class="icon s22 delete" title="$delete">&nbsp;</a>
{{ endif }}
</div>
{{ endfor }}
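Review bot: The delete action on the added line remains a GET link and now carries the CSRF token in the query string (`?t=$form_security_token`), which exposes the token through browser history, proxy and server access logs, and the Referer header of whatever page is visited next, while leaving a state-changing operation on a GET request that prefetchers and link scanners may follow. The `$profile_clone_link`, `$profile_drop_link` and `$cr_new_link` substitutions in profile_edit.tpl and profile_listing_header.tpl appear to take the same approach (their values are built outside this diff, so that is inferred). The safer pattern is the one the rest of this commit already uses for forms: a small POST form with the token as a hidden field, which requires the delete handler to accept POST and the icon styling of the anchor to be carried over to the button. The enclosing `{{ for }}`/`{{ if }}` blocks start outside the hunk.
```html
<form action="$baseurl/settings/oauth/delete/$app.client_id" method="post">
<input type="hidden" name="form_security_token" value="$form_security_token">
<button type="submit" class="icon s22 delete" title="$delete"></button>
</form>
```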
diff --git a/view/settings_oauth_edit.tpl b/view/settings_oauth_edit.tpl
index 98b7457aa..d29341386 100755
--- a/view/settings_oauth_edit.tpl
+++ b/view/settings_oauth_edit.tpl
@@ -3,6 +3,8 @@ $tabs
<h1>$title</h1>
<form method="POST">
+<input type='hidden' name='form_security_token' value='$form_security_token'>
+
{{ inc field_input.tpl with $field=$name }}{{ endinc }}
{{ inc field_input.tpl with $field=$key }}{{ endinc }}
{{ inc field_input.tpl with $field=$secret }}{{ endinc }}