CSRF more mod pages

Michael Foster 2013-09-23 16:48:56 +10:00
parent 00f4da3b82
commit c8062fbf76
18 changed files with 166 additions and 79 deletions


@ -1,6 +1,7 @@
{% for ban in ban_appeals %}
<form action="" method="post" style="margin: 10px 0">
<input type="hidden" name="token" value="{{ token }}">
<table style="margin: 5px 0">
<tr>
<th>{% trans 'Status' %}</th>


@ -1,7 +1,8 @@
{% if bans|count == 0 %}
<p style="text-align:center" class="unimportant">({% trans 'There are no active bans.' %})</p>
{% else %}
<form action="" method="post">
<form action="?/bans" method="post">
<input type="hidden" name="token" value="{{ token }}">
<table class="mod" style="width:100%">
<tr>
<th>{% trans 'IP address/mask' %}</th>
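Review bot: The form's action is pinned to `?/bans` on the new line without any note of why, and nothing stops the next editor from putting `action=""` back. If the token is bound to a fixed request URI (this same commit pins `?/noticeboard` the same way, which suggests it is), a form posting to a paginated or filtered bans URL would send the token to a different path and fail validation. A one-line Twig comment above the form, `{# action must stay "?/bans": the CSRF token is generated for that URI #}`, would record the constraint. The token is also emitted as bare `{{ token }}` with no `|e`; that is safe only while it is a plain hex digest, which cannot be verified from this template.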


@ -5,6 +5,7 @@
{% endif %}
<form action="{{ action }}" method="post">
<input type="hidden" name="token" value="{{ token }}">
<table>
<tr>
<th>{% trans 'URI' %}</th>


@ -21,6 +21,7 @@
{% if not readonly %}<form method="post" action="">{% endif %}
<input type="hidden" name="token" value="{{ token }}">
<textarea name="code" id="code" style="margin:auto;width:100%;height:500px{% if readonly %};background:#eee" readonly{% else %}"{% endif %}>
{{ php }}
</textarea>


@ -14,6 +14,7 @@
</ul>
{% endif %}
<form method="post" action="">
<input type="hidden" name="token" value="{{ token }}">
<table class="mod config-editor">
<tr>
<th class="minimal">{% trans 'Name' %}</th>


@ -164,7 +164,7 @@
<legend>{% trans 'User account' %}</legend>
<ul>
<li><a href="?/logout">{% trans 'Logout' %}</a></li>
<li><a href="?/logout/{{ logout_token }}">{% trans 'Logout' %}</a></li>
</ul>
</fieldset>


@ -1,4 +1,5 @@
<form action="?/new_PM/{{ username|e }}" method="post">
<input type="hidden" name="token" value="{{ token }}">
<table>
<tr>
<th>To</th>


@ -2,6 +2,7 @@
<fieldset>
<legend>{% trans 'New post' %}</legend>
<form style="margin:0" action="" method="post">
<input type="hidden" name="token" value="{{ token }}">
<table>
<tr>
<th>
@ -39,7 +40,7 @@
<div class="ban">
{% if mod|hasPermission(config.mod.news_delete) %}
<span style="float:right;padding:2px">
<a class="unimportant" href="?/news/delete/{{ post.id }}">[{% trans 'delete' %}]</a>
<a class="unimportant" href="?/news/delete/{{ post.id }}/{{ post.delete_token }}">[{% trans 'delete' %}]</a>
</span>
{% endif %}
<h2 id="{{ post.id }}">
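Review bot: The 'New post' form in the first hunk keeps `action=""` while the structurally identical noticeboard form changed in this same commit was pinned to `?/noticeboard`, and the ban list form to `?/bans`. If the token is generated for a fixed URI such as `news` (not visible here), a submission from a paginated news URL would post the token to a different path and fail the check; pinning it, `<form style="margin:0" action="?/news" method="post">`, would make the two templates consistent. If `action=""` is deliberate because the handler derives the expected token from the actual request URI, a short Twig comment saying so would stop the next reader from asking the same question.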


@ -1,7 +1,8 @@
{% if mod|hasPermission(config.mod.noticeboard_post) %}
<fieldset>
<legend>{% trans 'New post' %}</legend>
<form style="margin:0" action="" method="post">
<form style="margin:0" action="?/noticeboard" method="post">
<input type="hidden" name="token" value="{{ token }}">
<table>
<tr>
<th>{% trans 'Name' %}</th>
@ -27,7 +28,7 @@
<div class="ban">
{% if mod|hasPermission(config.mod.noticeboard_delete) %}
<span style="float:right;padding:2px">
<a class="unimportant" href="?/noticeboard/delete/{{ post.id }}">[{% trans 'delete' %}]</a>
<a class="unimportant" href="?/noticeboard/delete/{{ post.id }}/{{ post.delete_token }}">[{% trans 'delete' %}]</a>
</span>
{% endif %}
<h2 id="{{ post.id }}">
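Review bot: The rewritten delete link still changes state over a GET request, so the per-post token is now written into browser history, proxy and access logs, and the Referer of any request made from the page it lands on. The token defeats cross-site forgery, but if it is a deterministic digest rather than a per-session nonce (not visible in this template) a logged URL stays replayable for as long as it validates. Rendering the control as an inline POST form with the token in a hidden field, as the 'New post' form in the first hunk already does, keeps the token out of URLs; the `noticeboard/delete` handler would also need to accept POST, which is outside this file.
```twig
<span style="float:right;padding:2px">
  <form style="display:inline;margin:0" action="?/noticeboard/delete/{{ post.id }}" method="post">
    <input type="hidden" name="token" value="{{ post.delete_token }}">
    <input type="submit" class="unimportant" value="[{% trans 'delete' %}]">
  </form>
</span>
```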


@ -1,4 +1,5 @@
<form style="width:300px;margin:auto" action="?/rebuild" method="post">
<input type="hidden" name="token" value="{{ token }}">
<ul id="rebuild">
<li style="margin-bottom:8px">
<input type="checkbox" name="rebuild_all" id="rebuild_all" onchange="toggleall(this.checked)">


@ -13,13 +13,13 @@
{% if mod|hasPermission(config.mod.report_dismiss, report.board) or mod|hasPermission(config.mod.report_dismiss_ip, report.board) %}
<hr>
{% if mod|hasPermission(config.mod.report_dismiss, report.board) %}
<a title="{% trans 'Discard abuse report' %}" href="?/reports/{{ report.id }}/dismiss">Dismiss</a>
<a title="{% trans 'Discard abuse report' %}" href="?/reports/{{ report.id }}/dismiss/{{ token }}">Dismiss</a>
{% endif %}
{% if mod|hasPermission(config.mod.report_dismiss_ip, report.board) %}
{% if mod|hasPermission(config.mod.report_dismiss, report.board) %}
|
{% endif %}
<a title="{% trans 'Discard all abuse reports by this IP address' %}" href="?/reports/{{ report.id }}/dismissall">Dismiss+</a>
<a title="{% trans 'Discard all abuse reports by this IP address' %}" href="?/reports/{{ report.id }}/dismissall/{{ token_all }}">Dismiss+</a>
{% endif %}
{% endif %}
</div>
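Review bot: The two tokens on the new lines are referenced as bare `token` and `token_all` even though each link embeds `report.id`, so a reader cannot tell from this template whether they are computed per report or once for the whole page. Every other section in this commit hangs the token off the object it protects (`post.delete_token`, `user.promote_token`, `theme.rebuild_token`); naming these `report.dismiss_token` and `report.dismissall_token` would make the per-report binding explicit and match that convention. If the values really are page-wide, a token that does not include the report id would validate for any report, which is worth confirming where they are generated. `report.id` is also interpolated without `|e`, acceptable only if it is guaranteed numeric.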


@ -1,4 +1,5 @@
<form action="" method="post">
<input type="hidden" name="token" value="{{ token }}">
{% if not config %}
<p style="text-align:center" class="unimportant">(No configuration required.)</p>
{% else %}


@ -28,8 +28,8 @@
{% if theme_name in themes_in_use %}{% trans 'Reconfigure' %}{% else %}{% trans 'Install' %}{% endif %}
</a></li>
{% if theme_name in themes_in_use %}
<li><a href="?/themes/{{ theme_name }}/rebuild">{% trans 'Rebuild' %}</a></li>
<li><a href="?/themes/{{ theme_name }}/uninstall" onclick="return confirm('Are you sure you want to uninstall this theme?');">{% trans 'Uninstall' %}</a></li>
<li><a href="?/themes/{{ theme_name }}/rebuild/{{ theme.rebuild_token }}">{% trans 'Rebuild' %}</a></li>
<li><a href="?/themes/{{ theme_name }}/uninstall/{{ theme.uninstall_token }}" onclick="return confirm('Are you sure you want to uninstall this theme?');">{% trans 'Uninstall' %}</a></li>
{% endif %}
</ul></td>
</tr>
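Review bot: `theme_name` is interpolated into both rewritten hrefs without `|e`, while the other new links in this commit escape user-derived path parts (`username|e`). If theme names come from directory names on disk this is harmless, but that is not verifiable from the template and `{{ theme_name|e }}` costs nothing. The `onclick` confirm on the uninstall link is a UX guard only; the CSRF protection comes entirely from `theme.uninstall_token`, so it is worth checking at the generation site that each token is bound to this theme's own URI and a token issued for one theme cannot uninstall another.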


@ -5,6 +5,7 @@
{% endif %}
<form action="{{ action }}" method="post">
<input type="hidden" name="token" value="{{ token }}">
<table>
<tr>
<th>{% trans 'Username' %}</th>


@ -48,10 +48,10 @@
{% endif %}
<td>
{% if mod|hasPermission(config.mod.promoteusers) and user.type < constant(config.mod.groups[0:-1]|last) %}
<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/promote" title="{% trans 'Promote' %}">&#9650;</a>
<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/promote/{{ user.promote_token }}" title="{% trans 'Promote' %}">&#9650;</a>
{% endif %}
{% if mod|hasPermission(config.mod.promoteusers) and user.type > constant(config.mod.groups|first) %}
<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/demote" title="{% trans 'Demote' %}"{% if mod.id == user.id %} onclick="return confirm('{% trans 'Are you sure you want to demote yourself?' %}')"{% endif %}>&#9660;</a>
<a style="float:left;text-decoration:none" href="?/users/{{ user.id }}/demote/{{ user.demote_token }}" title="{% trans 'Demote' %}"{% if mod.id == user.id %} onclick="return confirm('{% trans 'Are you sure you want to demote yourself?' %}')"{% endif %}>&#9660;</a>
{% endif %}
{% if mod|hasPermission(config.mod.modlog) %}
<a class="unimportant" style="margin-left:5px;float:right" href="?/log:{{ user.username|e }}">[{% trans 'log' %}]</a>


@ -57,6 +57,7 @@
{% if mod|hasPermission(config.mod.create_notes) %}
<form action="" method="post" style="margin:0">
<input type="hidden" name="token" value="{{ security_token }}">
<table>
<tr>
<th>{% trans 'Staff' %}</th>
@ -87,6 +88,7 @@
{% for ban in bans %}
<form action="" method="post" style="text-align:center">
<input type="hidden" name="token" value="{{ security_token }}">
<table style="width:400px;margin-bottom:10px;border-bottom:1px solid #ddd;padding:5px">
<tr>
<th>{% trans 'Status' %}</th>