authorSimon L'nu <simon.lnu@gmail.com>2012-04-20 05:52:08 -0400
committerSimon L'nu <simon.lnu@gmail.com>2012-04-20 05:52:08 -0400
commit1c88a7ef5ded0a5e58a554482d2c1fbeb78c2ef0 (patch)
treea5646997bfa930bc7e15db200b5de4e2eacc44b1 /view
parent83683b516ec058d0e5fdd0d4a1defbd22a60c322 (diff)
parent3bb785fdad0b1636ac5094a051e291b0f33e0f45 (diff)
Merge branch 'master', remote-tracking branch 'remotes/upstream/master'
* remotes/upstream/master: XSRF protection and PHPdoc for mod/admin.php XSRF protection and PHPdoc for mod/admin.php * master:
Diffstat (limited to 'view')
-rw-r--r--view/admin_logs.tpl1
-rw-r--r--view/admin_plugins.tpl2
-rw-r--r--view/admin_plugins_details.tpl2
-rw-r--r--view/admin_site.tpl3
-rw-r--r--view/admin_users.tpl5
-rw-r--r--view/theme/diabook-aerith/admin_users.tpl7
-rw-r--r--view/theme/diabook-blue/admin_users.tpl7
-rw-r--r--view/theme/diabook-red/admin_users.tpl5
-rw-r--r--view/theme/diabook/admin_users.tpl5
9 files changed, 22 insertions, 15 deletions
diff --git a/view/admin_logs.tpl b/view/admin_logs.tpl
index 9d133b155..b777cf420 100644
--- a/view/admin_logs.tpl
+++ b/view/admin_logs.tpl
@@ -2,6 +2,7 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/logs" method="post">
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
{{ inc field_checkbox.tpl with $field=$debugging }}{{ endinc }}
{{ inc field_input.tpl with $field=$logfile }}{{ endinc }}
diff --git a/view/admin_plugins.tpl b/view/admin_plugins.tpl
index 8367ff6a1..74b56bb4e 100644
--- a/view/admin_plugins.tpl
+++ b/view/admin_plugins.tpl
@@ -4,7 +4,7 @@
<ul id='pluginslist'>
{{ for $plugins as $p }}
<li class='plugin $p.1'>
- <a class='toggleplugin' href='$baseurl/admin/$function/$p.0?a=t' title="{{if $p.1==on }}Disable{{ else }}Enable{{ endif }}" ><span class='icon $p.1'></span></a>
+ <a class='toggleplugin' href='$baseurl/admin/$function/$p.0?a=t&amp;t=$form_security_token' title="{{if $p.1==on }}Disable{{ else }}Enable{{ endif }}" ><span class='icon $p.1'></span></a>
<a href='$baseurl/admin/$function/$p.0'><span class='name'>$p.2.name</span></a> - <span class="version">$p.2.version</span>
{{ if $p.2.experimental }} $experimental {{ endif }}{{ if $p.2.unsupported }} $unsupported {{ endif }}
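Review bot: The anti-XSRF token is put in the query string of a GET link here (`?a=t&amp;t=$form_security_token`), so it ends up in browser history and in web-server or proxy access logs, and it can leave the site in a Referer header if the target page loads an external resource. The same pattern is added in admin_plugins_details.tpl and in the block/delete links of admin_users.tpl and its four diabook theme copies. The forms in this commit already carry the token as a hidden field, so these state-changing links would be safer as small POST forms with the same input, e.g. `<form method="post" action="$baseurl/admin/$function/$p.0?a=t"><input type='hidden' name='form_security_token' value='$form_security_token'>` wrapping a submit button styled as the icon. Whether the token is single-use or bound to one action is decided in the handler, which is not part of this diff; if it is reusable for its lifetime, the exposure matters more. The `{{ for }}` loop enclosing this line runs past the end of the hunk.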
diff --git a/view/admin_plugins_details.tpl b/view/admin_plugins_details.tpl
index aaa366f65..931c7b83c 100644
--- a/view/admin_plugins_details.tpl
+++ b/view/admin_plugins_details.tpl
@@ -1,7 +1,7 @@
<div id='adminpage'>
<h1>$title - $page</h1>
- <p><span class='toggleplugin icon $status'></span> $info.name - $info.version : <a href="$baseurl/admin/$function/$plugin/?a=t">$action</a></p>
+ <p><span class='toggleplugin icon $status'></span> $info.name - $info.version : <a href="$baseurl/admin/$function/$plugin/?a=t&amp;t=$form_security_token">$action</a></p>
<p>$info.description</p>
<p class="author">$str_author
diff --git a/view/admin_site.tpl b/view/admin_site.tpl
index 9de6bd9c5..2b9db9f35 100644
--- a/view/admin_site.tpl
+++ b/view/admin_site.tpl
@@ -38,7 +38,8 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/site" method="post">
-
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
+
{{ inc field_input.tpl with $field=$sitename }}{{ endinc }}
{{ inc field_textarea.tpl with $field=$banner }}{{ endinc }}
{{ inc field_select.tpl with $field=$language }}{{ endinc }}
diff --git a/view/admin_users.tpl b/view/admin_users.tpl
index bde7edb59..f67e4a0f7 100644
--- a/view/admin_users.tpl
+++ b/view/admin_users.tpl
@@ -14,6 +14,7 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/users" method="post">
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
<h3>$h_pending</h3>
{{ if $pending }}
@@ -72,8 +73,8 @@
<td class='login_date'>$u.page-flags</td>
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
<td class="tools">
- <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
- <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon drop'></span></a>
+ <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
+ <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon drop'></span></a>
</td>
</tr>
{{ endfor }}
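Review bot: The delete link still interpolates `$u.name` into a JavaScript string inside an HTML attribute (`onclick="return confirm_delete('$u.name')"`), and with this change a script injected on this page could read `$form_security_token` directly from the neighbouring hrefs. Nothing in the template shows the name being escaped for that context, so this presumably relies on escaping done before rendering; it is worth confirming that quotes and backslashes in user names are neutralised. A more robust shape keeps the name out of the handler source, e.g. `data-name="$u.name" onclick="return confirm_delete(this.getAttribute('data-name'))"`, with HTML-attribute escaping still applied to the value. The same line appears in the four diabook theme copies of this template, and the `{{ for }}` loop around it begins above the hunk.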
diff --git a/view/theme/diabook-aerith/admin_users.tpl b/view/theme/diabook-aerith/admin_users.tpl
index 40f94f5fe..a03573aac 100644
--- a/view/theme/diabook-aerith/admin_users.tpl
+++ b/view/theme/diabook-aerith/admin_users.tpl
@@ -14,7 +14,8 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/users" method="post">
-
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
+
<h3>$h_pending</h3>
{{ if $pending }}
<table id='pending'>
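Review bot: The four diabook theme copies of admin_users.tpl all start from the same blob (`index 40f94f5fe`), so they were byte-identical before this change and the security fix had to be applied by hand four times; afterwards they already differ in pairs (`a03573aac` vs `b465dc1b0`). Any theme override of an admin template that this commit does not touch would keep posting without `form_security_token`; untouched files do not appear in the diff, so whether such overrides exist cannot be told from this page. Consider having the themes reuse view/admin_users.tpl and override only the styling (the `style="width:60px;"` cell and the `ad_drop` icon class), or at least add a leading template comment saying the file must be kept in sync with view/admin_users.tpl. The form opened in this hunk closes outside it.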
@@ -72,8 +73,8 @@
<td class='login_date'>$u.page-flags</td>
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
<td class="tools" style="width:60px;">
- <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
- <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
+ <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
+ <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
</td>
</tr>
{{ endfor }}
diff --git a/view/theme/diabook-blue/admin_users.tpl b/view/theme/diabook-blue/admin_users.tpl
index 40f94f5fe..a03573aac 100644
--- a/view/theme/diabook-blue/admin_users.tpl
+++ b/view/theme/diabook-blue/admin_users.tpl
@@ -14,7 +14,8 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/users" method="post">
-
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
+
<h3>$h_pending</h3>
{{ if $pending }}
<table id='pending'>
@@ -72,8 +73,8 @@
<td class='login_date'>$u.page-flags</td>
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
<td class="tools" style="width:60px;">
- <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
- <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
+ <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
+ <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
</td>
</tr>
{{ endfor }}
diff --git a/view/theme/diabook-red/admin_users.tpl b/view/theme/diabook-red/admin_users.tpl
index 40f94f5fe..b465dc1b0 100644
--- a/view/theme/diabook-red/admin_users.tpl
+++ b/view/theme/diabook-red/admin_users.tpl
@@ -14,6 +14,7 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/users" method="post">
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
<h3>$h_pending</h3>
{{ if $pending }}
@@ -72,8 +73,8 @@
<td class='login_date'>$u.page-flags</td>
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
<td class="tools" style="width:60px;">
- <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
- <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
+ <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
+ <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
</td>
</tr>
{{ endfor }}
diff --git a/view/theme/diabook/admin_users.tpl b/view/theme/diabook/admin_users.tpl
index 40f94f5fe..b465dc1b0 100644
--- a/view/theme/diabook/admin_users.tpl
+++ b/view/theme/diabook/admin_users.tpl
@@ -14,6 +14,7 @@
<h1>$title - $page</h1>
<form action="$baseurl/admin/users" method="post">
+ <input type='hidden' name='form_security_token' value='$form_security_token'>
<h3>$h_pending</h3>
{{ if $pending }}
@@ -72,8 +73,8 @@
<td class='login_date'>$u.page-flags</td>
<td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td>
<td class="tools" style="width:60px;">
- <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
- <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
+ <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a>
+ <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a>
</td>
</tr>
{{ endfor }}