Relintai/crystal_cms_rcpp_fw
1
0
Fork 0
mirror of https://github.com/Relintai/crystal_cms_rcpp_fw.git synced 2025-04-22 20:41:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added csrf tokens to the existing forms.

Browse Source
This commit is contained in:
Relintai 2022-01-09 16:05:00 +01:00
parent d6b584ee01
commit 3a07a8b224
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/ccms_user_controller.cpp
View File

@ -28,6 +28,8 @@ void CCMSUserController::render_login_request_default(Request *request, LoginReq
//todo href path helper
b.form()->method("POST")->href("/user/login");
{
b.csrf_token(request);
b.w("Username");
b.br();
b.input()->type("text")->name("username")->value(data->uname_val);
@ -77,6 +79,8 @@ void CCMSUserController::render_register_request_default(Request *request, Regis
//todo href path helper
b.form()->method("POST")->href("/user/register");
{
b.csrf_token(request);
b.w("Username");
b.br();
b.input()->type("text")->name("username")->value(data->uname_val);
@ -146,6 +150,8 @@ void CCMSUserController::render_settings_request(Ref<User> &user, Request *reque
//todo href path helper
b.form()->method("POST")->href("/user/settings");
{
b.csrf_token(request);
b.w("Username");
b.br();
b.input()->type("text")->name("username")->placeholder(user->name_user_input)->value(data->uname_val);

5
app/menu/menu_node.cpp
View File

@ -166,6 +166,8 @@ void MenuNode::render_menuentry_view(Request *request, MenudminEntryViewData *da
b.form()->method("POST")->action(aurl);
{
b.csrf_token(request);
b.w("Name:")->br();
b.input_text("name", name)->br();
@ -363,6 +365,7 @@ void MenuNode::admin_render_menuentry_list(Request *request) {
if (i != 0) {
b.form()->method("POST")->action(request->get_url_root() + "up");
{
b.csrf_token(request);
b.input_hidden("id", String::num(e->id));
b.input_submit("Up");
}
@ -378,6 +381,7 @@ void MenuNode::admin_render_menuentry_list(Request *request) {
if (i + 1 != _data->entries.size()) {
b.form()->method("POST")->action(request->get_url_root() + "down");
{
b.csrf_token(request);
b.input_hidden("id", String::num(e->id));
b.input_submit("Down");
}
@ -392,6 +396,7 @@ void MenuNode::admin_render_menuentry_list(Request *request) {
{
b.form()->method("POST")->action(request->get_url_root() + "delete");
{
b.csrf_token(request);
b.input_hidden("id", String::num(e->id));
b.input_submit("Delete");
}