diff options
| author | Harald Eilertsen <haraldei@anduin.net> | 2024-11-02 14:42:00 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2024-11-02 14:42:00 +0000 |
| commit | 38c947590e81fbb00e315e1902eba8dd6dbdd0ec (patch) | |
| tree | b92d257beb82024c03f21f783c37169db9ec64c9 /view | |
| parent | 541a0f6476ebf178ac141d09a30f6fca824eebcb (diff) | |
| download | volse-hubzilla-38c947590e81fbb00e315e1902eba8dd6dbdd0ec.tar.gz volse-hubzilla-38c947590e81fbb00e315e1902eba8dd6dbdd0ec.tar.bz2 volse-hubzilla-38c947590e81fbb00e315e1902eba8dd6dbdd0ec.zip | |
Fix missing CSRF checks in admin/account_edit
Diffstat (limited to 'view')
| -rw-r--r-- | view/tpl/admin_account_edit.tpl | 1 | ||||
| -rw-r--r-- | view/tpl/field_input.tpl | 4 | ||||
| -rw-r--r-- | view/tpl/field_password.tpl | 2 | ||||
| -rw-r--r-- | view/tpl/field_select.tpl | 4 |
4 files changed, 6 insertions, 5 deletions
diff --git a/view/tpl/admin_account_edit.tpl b/view/tpl/admin_account_edit.tpl index 1cbb9af0b..6cc8872ba 100644 --- a/view/tpl/admin_account_edit.tpl +++ b/view/tpl/admin_account_edit.tpl @@ -5,6 +5,7 @@ <form action="admin/account_edit/{{$account.account_id}}" method="post" > <input type="hidden" name="aid" value="{{$account.account_id}}" /> +<input type="hidden" name="security" value="{{$security}}"> {{include file="field_password.tpl" field=$pass1}} {{include file="field_password.tpl" field=$pass2}} diff --git a/view/tpl/field_input.tpl b/view/tpl/field_input.tpl index 1b548221f..c22b6fc29 100644 --- a/view/tpl/field_input.tpl +++ b/view/tpl/field_input.tpl @@ -1,6 +1,6 @@ <div id="id_{{$field.0}}_wrapper" class="mb-3"> <label for="id_{{$field.0}}" id="label_{{$field.0}}"> - {{$field.1}}{{if $field.4}}<sup class="required zuiqmid"> {{$field.4}}</sup>{{/if}} + {{$field.1}}{{if isset($field.4)}}<sup class="required zuiqmid"> {{$field.4}}</sup>{{/if}} </label> <input class="form-control" @@ -8,7 +8,7 @@ id="id_{{$field.0}}" type="text" value="{{$field.2|escape:'html':'UTF-8':FALSE}}" - {{if $field.5}}{{$field.5}}{{/if}} + {{if isset($field.5)}}{{$field.5}}{{/if}} > <small id="help_{{$field.0}}" class="form-text text-muted"> {{$field.3}} diff --git a/view/tpl/field_password.tpl b/view/tpl/field_password.tpl index 7baad7d48..00cb9f9e1 100644 --- a/view/tpl/field_password.tpl +++ b/view/tpl/field_password.tpl @@ -1,5 +1,5 @@ <div class="mb-3"> <label for="id_{{$field.0}}">{{$field.1}}</label> - <input class="form-control" type="password" name="{{$field.0}}" id="id_{{$field.0}}" value="{{$field.2}}"{{if $field.5}} {{$field.5}}{{/if}}>{{if $field.4}} <span class="required">{{$field.4}}</span> {{/if}} + <input class="form-control" type="password" name="{{$field.0}}" id="id_{{$field.0}}" value="{{$field.2}}"{{if isset($field.5)}} {{$field.5}}{{/if}}>{{if isset($field.4)}} <span class="required">{{$field.4}}</span> {{/if}} <small id="help_{{$field.0}}" class="form-text text-muted">{{$field.3}}</small> </div> diff --git a/view/tpl/field_select.tpl b/view/tpl/field_select.tpl index a98a26799..e1ad18b60 100644 --- a/view/tpl/field_select.tpl +++ b/view/tpl/field_select.tpl @@ -1,11 +1,11 @@ <div id="id_{{$field.0}}_wrapper" class="mb-3"> - <label for="id_{{$field.0}}">{{$field.1}}{{if $field.5}}<sup class="required zuiqmid"> {{$field.5}}</sup>{{/if}}</label> + <label for="id_{{$field.0}}">{{$field.1}}{{if isset($field.5)}}<sup class="required zuiqmid"> {{$field.5}}</sup>{{/if}}</label> <select class="form-control" name="{{$field.0}}" id="id_{{$field.0}}"> {{foreach $field.4 as $opt=>$val}}<option value="{{$opt}}" {{if $opt==$field.2}}selected="selected"{{/if}}>{{$val}}</option>{{/foreach}} </select> <small class="form-text text-muted">{{$field.3}}</small > </div> -{{* +{{* COMMENTS for this template: @author hilmar runge, 2020.01 $field array index: |