authorr <r@freesoftwareextremist.com>2020-01-25 10:07:06 +0000
committerr <r@freesoftwareextremist.com>2020-01-26 06:49:29 +0000
commitbf2cfaf0ede0e9744408f52538fb4bcd87a6d5b8 (patch)
tree5d3be1dfa65395bddedd2fb6f06a990c23274f00 /templates/status.tmpl
parent5fdc7a59b2efc60e35f5421e28986c356810456e (diff)
Add CSRF protection
Diffstat (limited to 'templates/status.tmpl')
-rw-r--r--templates/status.tmpl12
1 files changed, 8 insertions, 4 deletions
diff --git a/templates/status.tmpl b/templates/status.tmpl
index 09c1354..fd5339a 100644
--- a/templates/status.tmpl
+++ b/templates/status.tmpl
@@ -109,12 +109,14 @@
{{else}}
{{if .Reblogged}}
<form class="status-retweet" data-action="unretweet" action="/unretweet/{{.ID}}" method="post">
- <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}" />
+ <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+ <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="image" src="{{GetIcon "retweeted" $.Ctx.DarkMode}}" alt="undo retweet" class="icon" title="undo retweet">
</form>
{{else}}
<form class="status-retweet" data-action="retweet" action="/retweet/{{.ID}}" method="post">
- <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}" />
+ <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+ <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="image" src="{{GetIcon "retweet" $.Ctx.DarkMode}}" alt="retweet" class="icon" title="retweet">
</form>
{{end}}
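Review bot: The `csrf_token` hidden field added to the unretweet and retweet forms only protects these actions if the POST handlers compare it against the session's token and reject a missing or empty value. That check is not in this file, so confirm it exists for `/retweet/` and `/unretweet/`, and for `/like/` and `/unlike/` in the next hunk. If `$.Ctx.CSRFToken` can be empty on some render path, the field is emitted as `value=""`, and a handler that compares it to an equally empty stored token would accept the request. A template comment above the first form, for example `{{/* csrf_token is verified by the POST handler; every state-changing form must include it */}}`, would record the contract. The enclosing `{{if}}` block starts outside the hunk.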
@@ -126,12 +128,14 @@
<div class="status-action">
{{if .Favourited}}
<form class="status-like" data-action="unlike" action="/unlike/{{.ID}}" method="post">
- <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}" />
+ <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+ <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="image" src="{{GetIcon "liked" $.Ctx.DarkMode}}" alt="unlike" class="icon" title="unlike">
</form>
{{else}}
<form class="status-like" data-action="like" action="/like/{{.ID}}" method="post">
- <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}" />
+ <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+ <input type="hidden" name="retweeted_by_id" value="{{.RetweetedByID}}">
<input type="image" src="{{GetIcon "star-o" $.Ctx.DarkMode}}" alt="like" class="icon" title="like">
</form>
{{end}}
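Review bot: Any script that submits the like/unlike forms through their `data-action="like"` / `data-action="unlike"` attributes has to send the new `csrf_token` field too. Otherwise the scripted request is rejected, or the handler ends up exempting that path from the check. Whether such a script exists cannot be confirmed from the template alone. Separately, the same hidden-input line is now repeated in all four forms across both hunks. A shared partial, `{{define "csrf"}}<input type="hidden" name="csrf_token" value="{{.Ctx.CSRFToken}}">{{end}}` used as `{{template "csrf" $}}`, would make it harder to add a new form without the token.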