added CSRF token to settings template
This commit is contained in:
parent
3dd976ef40
commit
ee9b051c71
|
|
@ -144,7 +144,6 @@ def settings(user):
|
||||||
|
|
||||||
|
|
||||||
@post('/settings/markdown')
|
@post('/settings/markdown')
|
||||||
#csrf
|
|
||||||
@view('template/settings.tpl')
|
@view('template/settings.tpl')
|
||||||
def update_markdown(user):
|
def update_markdown(user):
|
||||||
user.set_markdown(request.forms['markdown'])
|
user.set_markdown(request.forms['markdown'])
|
||||||
|
|
@ -152,7 +151,6 @@ def update_markdown(user):
|
||||||
|
|
||||||
|
|
||||||
@post('/settings/mail_md')
|
@post('/settings/mail_md')
|
||||||
#csrf
|
|
||||||
@view('template/settings.tpl')
|
@view('template/settings.tpl')
|
||||||
def update_mail_md(user):
|
def update_mail_md(user):
|
||||||
user.set_mail_md(request.forms['mail_md'])
|
user.set_mail_md(request.forms['mail_md'])
|
||||||
|
|
@ -160,7 +158,6 @@ def update_mail_md(user):
|
||||||
|
|
||||||
|
|
||||||
@post('/settings/goodlist')
|
@post('/settings/goodlist')
|
||||||
#csrf
|
|
||||||
@view('template/settings.tpl')
|
@view('template/settings.tpl')
|
||||||
def update_trigger_patterns(user):
|
def update_trigger_patterns(user):
|
||||||
user.set_trigger_words(request.forms['goodlist'])
|
user.set_trigger_words(request.forms['goodlist'])
|
||||||
|
|
@ -168,7 +165,6 @@ def update_trigger_patterns(user):
|
||||||
|
|
||||||
|
|
||||||
@post('/settings/blocklist')
|
@post('/settings/blocklist')
|
||||||
#csrf
|
|
||||||
@view('template/settings.tpl')
|
@view('template/settings.tpl')
|
||||||
def update_badwords(user):
|
def update_badwords(user):
|
||||||
user.set_badwords(request.forms['blocklist'])
|
user.set_badwords(request.forms['blocklist'])
|
||||||
|
|
@ -176,7 +172,6 @@ def update_badwords(user):
|
||||||
|
|
||||||
|
|
||||||
@post('/settings/telegram')
|
@post('/settings/telegram')
|
||||||
#csrf
|
|
||||||
def register_telegram(user):
|
def register_telegram(user):
|
||||||
apikey = request.forms['apikey']
|
apikey = request.forms['apikey']
|
||||||
user.update_telegram_key(apikey)
|
user.update_telegram_key(apikey)
|
||||||
|
|
@ -248,7 +243,6 @@ def twitter_callback(user):
|
||||||
|
|
||||||
|
|
||||||
@post('/login/mastodon')
|
@post('/login/mastodon')
|
||||||
#csrf
|
|
||||||
def login_mastodon(user):
|
def login_mastodon(user):
|
||||||
"""
|
"""
|
||||||
Mastodon OAuth authentication process.
|
Mastodon OAuth authentication process.
|
||||||
|
|
|
||||||
|
|
@ -61,6 +61,7 @@
|
||||||
<option value='octodon.social'>
|
<option value='octodon.social'>
|
||||||
<option value='soc.ialis.me'>
|
<option value='soc.ialis.me'>
|
||||||
</datalist>
|
</datalist>
|
||||||
|
<input name='csrf' value='{{csrf}}' type='hidden' />
|
||||||
<input name='confirm' value='Log in' type='submit'/>
|
<input name='confirm' value='Log in' type='submit'/>
|
||||||
</form>
|
</form>
|
||||||
</section>
|
</section>
|
||||||
|
|
@ -82,6 +83,7 @@
|
||||||
</p>
|
</p>
|
||||||
<form action="/settings/telegram" method="post">
|
<form action="/settings/telegram" method="post">
|
||||||
<input type="text" name="apikey" placeholder="Telegram bot API key" id="apikey">
|
<input type="text" name="apikey" placeholder="Telegram bot API key" id="apikey">
|
||||||
|
<input name='csrf' value='{{csrf}}' type='hidden' />
|
||||||
<input name='confirm' value='Login with Telegram' type='submit'/>
|
<input name='confirm' value='Login with Telegram' type='submit'/>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
@ -106,7 +108,7 @@
|
||||||
</p>
|
</p>
|
||||||
<form action="/settings/markdown" method="post">
|
<form action="/settings/markdown" method="post">
|
||||||
<textarea id="markdown" rows="20" cols="70" name="markdown" wrap="physical">{{markdown}}</textarea>
|
<textarea id="markdown" rows="20" cols="70" name="markdown" wrap="physical">{{markdown}}</textarea>
|
||||||
<input name='csrf' value='asdf' type='hidden' />
|
<input name='csrf' value='{{csrf}}' type='hidden' />
|
||||||
<input name='confirm' value='Save' type='submit'/>
|
<input name='confirm' value='Save' type='submit'/>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
@ -124,6 +126,7 @@
|
||||||
</p>
|
</p>
|
||||||
<form action="/settings/mail_md" method="post">
|
<form action="/settings/mail_md" method="post">
|
||||||
<textarea id="mail_md" rows="20" cols="70" name="mail_md" wrap="physical">{{mail_md}}</textarea>
|
<textarea id="mail_md" rows="20" cols="70" name="mail_md" wrap="physical">{{mail_md}}</textarea>
|
||||||
|
<input name='csrf' value='{{csrf}}' type='hidden' />
|
||||||
<input name='confirm' value='Save' type='submit'/>
|
<input name='confirm' value='Save' type='submit'/>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
@ -138,6 +141,7 @@
|
||||||
</p>
|
</p>
|
||||||
<form action="/settings/goodlist" method="post">
|
<form action="/settings/goodlist" method="post">
|
||||||
<textarea id="goodlist" rows="8" cols="70" name="goodlist" wrap="physical">{{triggerwords}}</textarea>
|
<textarea id="goodlist" rows="8" cols="70" name="goodlist" wrap="physical">{{triggerwords}}</textarea>
|
||||||
|
<input name='csrf' value='{{csrf}}' type='hidden' />
|
||||||
<input name='confirm' value='Submit' type='submit'/>
|
<input name='confirm' value='Submit' type='submit'/>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
@ -152,6 +156,7 @@
|
||||||
</p>
|
</p>
|
||||||
<form action="/settings/blocklist" method="post">
|
<form action="/settings/blocklist" method="post">
|
||||||
<textarea id="blocklist" rows="8" cols="70" name="blocklist" wrap="physical">{{badwords}}</textarea>
|
<textarea id="blocklist" rows="8" cols="70" name="blocklist" wrap="physical">{{badwords}}</textarea>
|
||||||
|
<input name='csrf' value='{{csrf}}' type='hidden' />
|
||||||
<input name='confirm' value='Submit' type='submit'/>
|
<input name='confirm' value='Submit' type='submit'/>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue