author | John Olheiser <john.olheiser@gmail.com> | 2020-02-25 14:28:47 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-25 14:28:47 -0600 |
commit | c161bb013e091c0bcc524f07d50c028d9daf8cce (patch) | |
tree | 0638e74576902e5c18cb77b3e469a5435cf707e5 /templates/repo/header.tmpl | |
parent | 4427a936b4c7bd07908ccbe96104928dd29cf59d (diff) | |
Change action GETs to POST (#10462)
* Change action GETs to POST
* submite = submit + smite
* No more # href
* Fix test
* Match other tests
* Explicit csrf
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Diffstat (limited to 'templates/repo/header.tmpl')
-rw-r--r-- | templates/repo/header.tmpl | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/templates/repo/header.tmpl b/templates/repo/header.tmpl index c92feb5a78..1fc298bcba 100644 --- a/templates/repo/header.tmpl +++ b/templates/repo/header.tmpl 
@@ -51,22 +51,28 @@ </div> {{if not .IsBeingCreated}} <div class="repo-buttons"> - <div class="ui labeled button" tabindex="0"> - <a class="ui compact basic button" href="{{$.RepoLink}}/action/{{if $.IsWatchingRepo}}un{{end}}watch?redirect_to={{$.Link}}"> - <i class="icon fa-eye{{if not $.IsWatchingRepo}}-slash{{end}}"></i>{{if $.IsWatchingRepo}}{{$.i18n.Tr "repo.unwatch"}}{{else}}{{$.i18n.Tr "repo.watch"}}{{end}} - </a> - <a class="ui basic label" href="{{.Link}}/watchers"> - {{.NumWatches}} - </a> - </div> - <div class="ui labeled button" tabindex="0"> - <a class="ui compact basic button" href="{{$.RepoLink}}/action/{{if $.IsStaringRepo}}un{{end}}star?redirect_to={{$.Link}}"> - <i class="icon star{{if not $.IsStaringRepo}} outline{{end}}"></i>{{if $.IsStaringRepo}}{{$.i18n.Tr "repo.unstar"}}{{else}}{{$.i18n.Tr "repo.star"}}{{end}} - </a> - <a class="ui basic label" href="{{.Link}}/stars"> - {{.NumStars}} - </a> - </div> + <form method="post" action="{{$.RepoLink}}/action/{{if $.IsWatchingRepo}}un{{end}}watch?redirect_to={{$.Link}}"> + {{$.CsrfTokenHtml}} + <div class="ui labeled button" tabindex="0"> + <button type="submit" class="ui compact basic button"> + <i class="icon fa-eye{{if not $.IsWatchingRepo}}-slash{{end}}"></i>{{if $.IsWatchingRepo}}{{$.i18n.Tr "repo.unwatch"}}{{else}}{{$.i18n.Tr "repo.watch"}}{{end}} + </button> + <a class="ui basic label" href="{{.Link}}/watchers"> + {{.NumWatches}} + </a> + </div> + </form> + <form method="post" action="{{$.RepoLink}}/action/{{if $.IsStaringRepo}}un{{end}}star?redirect_to={{$.Link}}"> + {{$.CsrfTokenHtml}} + <div class="ui labeled button" tabindex="0"> + <button type="submit" class="ui compact basic button"> + <i class="icon star{{if not $.IsStaringRepo}} outline{{end}}"></i>{{if $.IsStaringRepo}}{{$.i18n.Tr "repo.unstar"}}{{else}}{{$.i18n.Tr "repo.star"}}{{end}} + </button> + <a class="ui basic label" href="{{.Link}}/stars"> + {{.NumStars}} + </a> + </div> + </form> {{if and (not .IsEmpty) ($.Permission.CanRead 
$.UnitTypeCode)}} <div class="ui labeled button {{if and ($.IsSigned) (not $.CanSignedUserFork)}}disabled-repo-button{{end}}" tabindex="0"> <a class="ui compact basic button {{if or (not $.IsSigned) (not $.CanSignedUserFork)}}poping up{{end}}" {{if $.CanSignedUserFork}}href="{{AppSubUrl}}/repo/fork/{{.ID}}"{{else if $.IsSigned}} data-content="{{$.i18n.Tr "repo.fork_from_self"}}" {{ else }} data-content="{{$.i18n.Tr "repo.fork_guest_user" }}" rel="nofollow" href="{{AppSubUrl}}/user/login?redirect_to={{AppSubUrl}}/repo/fork/{{.ID}}" {{end}} data-position="top center" data-variation="tiny"> |
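Review bot: In both new `<form method="post">` elements the action URL still carries `?redirect_to={{$.Link}}` in the query string, so the redirect target travels outside the CSRF-protected form body and the handler has to read it from the query on a POST. Consider passing it as a hidden input next to `{{$.CsrfTokenHtml}}`, and confirm that the handler only accepts a same-site path for `redirect_to`. The view shown here is limited to templates/repo/header.tmpl, so it is also worth confirming in the rest of the commit that the `/action/watch`, `/action/unwatch`, `/action/star` and `/action/unstar` routes no longer answer GET, since the token in the form only helps if the GET path is closed. Separately, each `<div class="ui labeled button" tabindex="0">` now wraps a `<button type="submit">`, and the new `<form>` wrappers are block-level by default, so check that `.repo-buttons` still lays the watch, star and fork controls out on one line.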