diff options
Diffstat (limited to 'view')
-rw-r--r-- | view/admin_logs.tpl | 1 | ||||
-rw-r--r-- | view/admin_site.tpl | 3 | ||||
-rw-r--r-- | view/admin_users.tpl | 5 | ||||
-rw-r--r-- | view/theme/diabook-aerith/admin_users.tpl | 7 | ||||
-rw-r--r-- | view/theme/diabook-blue/admin_users.tpl | 7 | ||||
-rw-r--r-- | view/theme/diabook-red/admin_users.tpl | 5 | ||||
-rw-r--r-- | view/theme/diabook/admin_users.tpl | 5 |
7 files changed, 20 insertions, 13 deletions
diff --git a/view/admin_logs.tpl b/view/admin_logs.tpl index 9d133b155..b777cf420 100644 --- a/view/admin_logs.tpl +++ b/view/admin_logs.tpl @@ -2,6 +2,7 @@ <h1>$title - $page</h1> <form action="$baseurl/admin/logs" method="post"> + <input type='hidden' name='form_security_token' value='$form_security_token'> {{ inc field_checkbox.tpl with $field=$debugging }}{{ endinc }} {{ inc field_input.tpl with $field=$logfile }}{{ endinc }} diff --git a/view/admin_site.tpl b/view/admin_site.tpl index 9de6bd9c5..2b9db9f35 100644 --- a/view/admin_site.tpl +++ b/view/admin_site.tpl @@ -38,7 +38,8 @@ <h1>$title - $page</h1> <form action="$baseurl/admin/site" method="post"> - + <input type='hidden' name='form_security_token' value='$form_security_token'> + {{ inc field_input.tpl with $field=$sitename }}{{ endinc }} {{ inc field_textarea.tpl with $field=$banner }}{{ endinc }} {{ inc field_select.tpl with $field=$language }}{{ endinc }} diff --git a/view/admin_users.tpl b/view/admin_users.tpl index bde7edb59..f67e4a0f7 100644 --- a/view/admin_users.tpl +++ b/view/admin_users.tpl @@ -14,6 +14,7 @@ <h1>$title - $page</h1> <form action="$baseurl/admin/users" method="post"> + <input type='hidden' name='form_security_token' value='$form_security_token'> <h3>$h_pending</h3> {{ if $pending }} @@ -72,8 +73,8 @@ <td class='login_date'>$u.page-flags</td> <td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td> <td class="tools"> - <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> - <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon drop'></span></a> + <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> + <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon drop'></span></a> </td> </tr> {{ endfor }} diff --git a/view/theme/diabook-aerith/admin_users.tpl b/view/theme/diabook-aerith/admin_users.tpl index 40f94f5fe..a03573aac 100644 --- a/view/theme/diabook-aerith/admin_users.tpl +++ b/view/theme/diabook-aerith/admin_users.tpl @@ -14,7 +14,8 @@ <h1>$title - $page</h1> <form action="$baseurl/admin/users" method="post"> - + <input type='hidden' name='form_security_token' value='$form_security_token'> + <h3>$h_pending</h3> {{ if $pending }} <table id='pending'> @@ -72,8 +73,8 @@ <td class='login_date'>$u.page-flags</td> <td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td> <td class="tools" style="width:60px;"> - <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> - <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> + <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> + <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> </td> </tr> {{ endfor }} diff --git a/view/theme/diabook-blue/admin_users.tpl b/view/theme/diabook-blue/admin_users.tpl index 40f94f5fe..a03573aac 100644 --- a/view/theme/diabook-blue/admin_users.tpl +++ b/view/theme/diabook-blue/admin_users.tpl @@ -14,7 +14,8 @@ <h1>$title - $page</h1> <form action="$baseurl/admin/users" method="post"> - + <input type='hidden' name='form_security_token' value='$form_security_token'> + <h3>$h_pending</h3> {{ if $pending }} <table id='pending'> @@ -72,8 +73,8 @@ <td class='login_date'>$u.page-flags</td> <td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td> <td class="tools" style="width:60px;"> - <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> - <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> + <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> + <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> </td> </tr> {{ endfor }} diff --git a/view/theme/diabook-red/admin_users.tpl b/view/theme/diabook-red/admin_users.tpl index 40f94f5fe..b465dc1b0 100644 --- a/view/theme/diabook-red/admin_users.tpl +++ b/view/theme/diabook-red/admin_users.tpl @@ -14,6 +14,7 @@ <h1>$title - $page</h1> <form action="$baseurl/admin/users" method="post"> + <input type='hidden' name='form_security_token' value='$form_security_token'> <h3>$h_pending</h3> {{ if $pending }} @@ -72,8 +73,8 @@ <td class='login_date'>$u.page-flags</td> <td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td> <td class="tools" style="width:60px;"> - <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> - <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> + <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> + <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> </td> </tr> {{ endfor }} diff --git a/view/theme/diabook/admin_users.tpl b/view/theme/diabook/admin_users.tpl index 40f94f5fe..b465dc1b0 100644 --- a/view/theme/diabook/admin_users.tpl +++ b/view/theme/diabook/admin_users.tpl @@ -14,6 +14,7 @@ <h1>$title - $page</h1> <form action="$baseurl/admin/users" method="post"> + <input type='hidden' name='form_security_token' value='$form_security_token'> <h3>$h_pending</h3> {{ if $pending }} @@ -72,8 +73,8 @@ <td class='login_date'>$u.page-flags</td> <td class="checkbox"><input type="checkbox" class="users_ckbx" id="id_user_$u.uid" name="user[]" value="$u.uid"/></td> <td class="tools" style="width:60px;"> - <a href="$baseurl/admin/users/block/$u.uid" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> - <a href="$baseurl/admin/users/delete/$u.uid" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> + <a href="$baseurl/admin/users/block/$u.uid?t=$form_security_token" title='{{ if $u.blocked }}$unblock{{ else }}$block{{ endif }}'><span class='icon block {{ if $u.blocked==0 }}dim{{ endif }}'></span></a> + <a href="$baseurl/admin/users/delete/$u.uid?t=$form_security_token" title='$delete' onclick="return confirm_delete('$u.name')"><span class='icon ad_drop'></span></a> </td> </tr> {{ endfor }} |