authorJohn Olheiser <john.olheiser@gmail.com>2020-02-25 14:28:47 -0600
committerGitHub <noreply@github.com>2020-02-25 14:28:47 -0600
commitc161bb013e091c0bcc524f07d50c028d9daf8cce (patch)
tree0638e74576902e5c18cb77b3e469a5435cf707e5 /templates
parent4427a936b4c7bd07908ccbe96104928dd29cf59d (diff)
Change action GETs to POST (#10462)
* Change action GETs to POST * submite = submit + smite * No more # href * Fix test * Match other tests * Explicit csrf Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Diffstat (limited to 'templates')
-rw-r--r--templates/org/member/members.tmpl4
-rw-r--r--templates/org/team/members.tmpl5
-rw-r--r--templates/org/team/repositories.tmpl5
-rw-r--r--templates/org/team/sidebar.tmpl10
-rw-r--r--templates/org/team/teams.tmpl10
-rw-r--r--templates/repo/header.tmpl38
-rw-r--r--templates/repo/issue/milestones.tmpl4
-rw-r--r--templates/user/profile.tmpl10
8 files changed, 58 insertions, 28 deletions
diff --git a/templates/org/member/members.tmpl b/templates/org/member/members.tmpl
index 81cfcf51e6..15af60d573 100644
--- a/templates/org/member/members.tmpl
+++ b/templates/org/member/members.tmpl
@@ -22,10 +22,10 @@
{{ $isPublic := index $.MembersIsPublicMember .ID}}
{{if $isPublic}}
<strong>{{$.i18n.Tr "org.members.public"}}</strong>
- {{if or (eq $.SignedUser.ID .ID) $.IsOrganizationOwner}}(<a href="{{$.OrgLink}}/members/action/private?uid={{.ID}}">{{$.i18n.Tr "org.members.public_helper"}}</a>){{end}}
+ {{if or (eq $.SignedUser.ID .ID) $.IsOrganizationOwner}}(<a class="link-action" href data-url="{{$.OrgLink}}/members/action/private?uid={{.ID}}">{{$.i18n.Tr "org.members.public_helper"}}</a>){{end}}
{{else}}
<strong>{{$.i18n.Tr "org.members.private"}}</strong>
- {{if or (eq $.SignedUser.ID .ID) $.IsOrganizationOwner}}(<a href="{{$.OrgLink}}/members/action/public?uid={{.ID}}">{{$.i18n.Tr "org.members.private_helper"}}</a>){{end}}
+ {{if or (eq $.SignedUser.ID .ID) $.IsOrganizationOwner}}(<a class="link-action" href data-url="{{$.OrgLink}}/members/action/public?uid={{.ID}}">{{$.i18n.Tr "org.members.private_helper"}}</a>){{end}}
{{end}}
</div>
</div>
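Review bot: The two `link-action` anchors carry neither a form nor a CSRF token, so the POST depends entirely on a script bound to that class, which is outside this templates-only view. With scripting disabled or the handler failing, the bare `href` only reloads the page and the public/private toggle silently does nothing. The other templates in this commit wrap the control in `<form method="post">` with `{{$.CsrfTokenHtml}}` and a submit button, which works without script and keeps the token visible in the markup; the same pattern would fit here. The milestone open/close links in templates/repo/issue/milestones.tmpl have the same dependency.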
diff --git a/templates/org/team/members.tmpl b/templates/org/team/members.tmpl
index 74e5e1908a..f3b08652cd 100644
--- a/templates/org/team/members.tmpl
+++ b/templates/org/team/members.tmpl
@@ -27,7 +27,10 @@
{{range .Team.Members}}
<div class="item">
{{if $.IsOrganizationOwner}}
- <a class="ui red small button right" href="{{$.OrgLink}}/teams/{{$.Team.LowerName}}/action/remove?uid={{.ID}}">{{$.i18n.Tr "org.members.remove"}}</a>
+ <form method="post" action="{{$.OrgLink}}/teams/{{$.Team.LowerName}}/action/remove?uid={{.ID}}">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui red small button right" >{{$.i18n.Tr "org.members.remove"}}</button>
+ </form>
{{end}}
<a href="{{.HomeLink}}">
<img class="ui avatar image" src="{{.RelAvatarLink}}">
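Review bot: The form around the remove button only protects the action if the `action/remove` route stops answering GET. This view is limited to templates, so the router change cannot be confirmed here; if the GET route stays registered, the old link-style request still works without a token. A test asserting that a GET to this URL is rejected would pin that down. The same applies to the form in templates/org/team/repositories.tmpl and to the other action forms added in this commit.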
diff --git a/templates/org/team/repositories.tmpl b/templates/org/team/repositories.tmpl
index e81ff889eb..d6046f86a3 100644
--- a/templates/org/team/repositories.tmpl
+++ b/templates/org/team/repositories.tmpl
@@ -35,7 +35,10 @@
{{range .Team.Repos}}
<div class="item">
{{if $canAddRemove}}
- <a class="ui red small button right" href="{{$.OrgLink}}/teams/{{$.Team.LowerName}}/action/repo/remove?repoid={{.ID}}">{{$.i18n.Tr "remove"}}</a>
+ <form method="post" action="{{$.OrgLink}}/teams/{{$.Team.LowerName}}/action/repo/remove?repoid={{.ID}}">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui red small button right">{{$.i18n.Tr "remove"}}</button>
+ </form>
{{end}}
<a class="member" href="{{AppSubUrl}}/{{$.Org.Name}}/{{.Name}}">
{{if .IsPrivate}}
diff --git a/templates/org/team/sidebar.tmpl b/templates/org/team/sidebar.tmpl
index ee612069b5..ff2474f007 100644
--- a/templates/org/team/sidebar.tmpl
+++ b/templates/org/team/sidebar.tmpl
@@ -3,9 +3,15 @@
<strong>{{.Team.Name}}</strong>
<div class="ui right">
{{if .Team.IsMember $.SignedUser.ID}}
- <a class="ui red tiny button" href="{{.OrgLink}}/teams/{{.Team.LowerName}}/action/leave?uid={{$.SignedUser.ID}}&page=home">{{$.i18n.Tr "org.teams.leave"}}</a>
+ <form method="post" action="{{.OrgLink}}/teams/{{.Team.LowerName}}/action/leave?uid={{$.SignedUser.ID}}&page=home">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui red tiny button">{{$.i18n.Tr "org.teams.leave"}}</button>
+ </form>
{{else if .IsOrganizationOwner}}
- <a class="ui blue tiny button" href="{{.OrgLink}}/teams/{{.Team.LowerName}}/action/join?uid={{$.SignedUser.ID}}&page=team">{{$.i18n.Tr "org.teams.join"}}</a>
+ <form method="post" action="{{.OrgLink}}/teams/{{.Team.LowerName}}/action/join?uid={{$.SignedUser.ID}}&page=team">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui blue tiny button">{{$.i18n.Tr "org.teams.join"}}</button>
+ </form>
{{end}}
</div>
</h4>
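Review bot: The leave and join forms still put `uid={{$.SignedUser.ID}}` in the action URL, so the user being acted on is a client-supplied parameter. The handler is not visible here, but it should take the user from the session for leave/join, or confirm the caller is an organization owner before acting on a different uid. If that check already exists, a short template comment such as `{{/* uid is re-validated server-side */}}` would save the next reader the lookup. templates/org/team/teams.tmpl builds the same URLs.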
diff --git a/templates/org/team/teams.tmpl b/templates/org/team/teams.tmpl
index 9d4a469028..a042ef6112 100644
--- a/templates/org/team/teams.tmpl
+++ b/templates/org/team/teams.tmpl
@@ -17,9 +17,15 @@
<a class="text black" href="{{$.OrgLink}}/teams/{{.LowerName}}"><strong>{{.Name}}</strong></a>
<div class="ui right">
{{if .IsMember $.SignedUser.ID}}
- <a class="ui red small button" href="{{$.OrgLink}}/teams/{{.LowerName}}/action/leave?uid={{$.SignedUser.ID}}">{{$.i18n.Tr "org.teams.leave"}}</a>
+ <form method="post" action="{{$.OrgLink}}/teams/{{.LowerName}}/action/leave?uid={{$.SignedUser.ID}}">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui red small button">{{$.i18n.Tr "org.teams.leave"}}</button>
+ </form>
{{else if $.IsOrganizationOwner}}
- <a class="ui blue small button" href="{{$.OrgLink}}/teams/{{.LowerName}}/action/join?uid={{$.SignedUser.ID}}">{{$.i18n.Tr "org.teams.join"}}</a>
+ <form method="post" action="{{$.OrgLink}}/teams/{{.LowerName}}/action/join?uid={{$.SignedUser.ID}}">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui blue small button">{{$.i18n.Tr "org.teams.join"}}</button>
+ </form>
{{end}}
</div>
</div>
diff --git a/templates/repo/header.tmpl b/templates/repo/header.tmpl
index c92feb5a78..1fc298bcba 100644
--- a/templates/repo/header.tmpl
+++ b/templates/repo/header.tmpl
@@ -51,22 +51,28 @@
</div>
{{if not .IsBeingCreated}}
<div class="repo-buttons">
- <div class="ui labeled button" tabindex="0">
- <a class="ui compact basic button" href="{{$.RepoLink}}/action/{{if $.IsWatchingRepo}}un{{end}}watch?redirect_to={{$.Link}}">
- <i class="icon fa-eye{{if not $.IsWatchingRepo}}-slash{{end}}"></i>{{if $.IsWatchingRepo}}{{$.i18n.Tr "repo.unwatch"}}{{else}}{{$.i18n.Tr "repo.watch"}}{{end}}
- </a>
- <a class="ui basic label" href="{{.Link}}/watchers">
- {{.NumWatches}}
- </a>
- </div>
- <div class="ui labeled button" tabindex="0">
- <a class="ui compact basic button" href="{{$.RepoLink}}/action/{{if $.IsStaringRepo}}un{{end}}star?redirect_to={{$.Link}}">
- <i class="icon star{{if not $.IsStaringRepo}} outline{{end}}"></i>{{if $.IsStaringRepo}}{{$.i18n.Tr "repo.unstar"}}{{else}}{{$.i18n.Tr "repo.star"}}{{end}}
- </a>
- <a class="ui basic label" href="{{.Link}}/stars">
- {{.NumStars}}
- </a>
- </div>
+ <form method="post" action="{{$.RepoLink}}/action/{{if $.IsWatchingRepo}}un{{end}}watch?redirect_to={{$.Link}}">
+ {{$.CsrfTokenHtml}}
+ <div class="ui labeled button" tabindex="0">
+ <button type="submit" class="ui compact basic button">
+ <i class="icon fa-eye{{if not $.IsWatchingRepo}}-slash{{end}}"></i>{{if $.IsWatchingRepo}}{{$.i18n.Tr "repo.unwatch"}}{{else}}{{$.i18n.Tr "repo.watch"}}{{end}}
+ </button>
+ <a class="ui basic label" href="{{.Link}}/watchers">
+ {{.NumWatches}}
+ </a>
+ </div>
+ </form>
+ <form method="post" action="{{$.RepoLink}}/action/{{if $.IsStaringRepo}}un{{end}}star?redirect_to={{$.Link}}">
+ {{$.CsrfTokenHtml}}
+ <div class="ui labeled button" tabindex="0">
+ <button type="submit" class="ui compact basic button">
+ <i class="icon star{{if not $.IsStaringRepo}} outline{{end}}"></i>{{if $.IsStaringRepo}}{{$.i18n.Tr "repo.unstar"}}{{else}}{{$.i18n.Tr "repo.star"}}{{end}}
+ </button>
+ <a class="ui basic label" href="{{.Link}}/stars">
+ {{.NumStars}}
+ </a>
+ </div>
+ </form>
{{if and (not .IsEmpty) ($.Permission.CanRead $.UnitTypeCode)}}
<div class="ui labeled button {{if and ($.IsSigned) (not $.CanSignedUserFork)}}disabled-repo-button{{end}}" tabindex="0">
<a class="ui compact basic button {{if or (not $.IsSigned) (not $.CanSignedUserFork)}}poping up{{end}}" {{if $.CanSignedUserFork}}href="{{AppSubUrl}}/repo/fork/{{.ID}}"{{else if $.IsSigned}} data-content="{{$.i18n.Tr "repo.fork_from_self"}}" {{ else }} data-content="{{$.i18n.Tr "repo.fork_guest_user" }}" rel="nofollow" href="{{AppSubUrl}}/user/login?redirect_to={{AppSubUrl}}/repo/fork/{{.ID}}" {{end}} data-position="top center" data-variation="tiny">
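Review bot: The watch and star forms are rendered with no `$.IsSigned` check in the visible lines, so an anonymous visitor submits a POST that presumably ends at the sign-in page. If login then redirects back to the action URL, the request arrives as a GET, which this commit is meant to stop serving. The fork button just below already branches on `$.IsSigned` and sends guests to `{{AppSubUrl}}/user/login?redirect_to=…`; the watch and star buttons could do the same for unsigned users. The enclosing `{{if not .IsBeingCreated}}` block continues past the end of the hunk.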
diff --git a/templates/repo/issue/milestones.tmpl b/templates/repo/issue/milestones.tmpl
index e33124e66e..bee1cee65b 100644
--- a/templates/repo/issue/milestones.tmpl
+++ b/templates/repo/issue/milestones.tmpl
@@ -71,9 +71,9 @@
<div class="ui right operate">
<a href="{{$.Link}}/{{.ID}}/edit" data-id={{.ID}} data-title={{.Name}}>{{svg "octicon-pencil" 16}} {{$.i18n.Tr "repo.issues.label_edit"}}</a>
{{if .IsClosed}}
- <a href="{{$.Link}}/{{.ID}}/open" data-id={{.ID}} data-title={{.Name}}>{{svg "octicon-check" 16}} {{$.i18n.Tr "repo.milestones.open"}}</a>
+ <a class="link-action" href data-url="{{$.Link}}/{{.ID}}/open">{{svg "octicon-check" 16}} {{$.i18n.Tr "repo.milestones.open"}}</a>
{{else}}
- <a href="{{$.Link}}/{{.ID}}/close" data-id={{.ID}} data-title={{.Name}}>{{svg "octicon-x" 16}} {{$.i18n.Tr "repo.milestones.close"}}</a>
+ <a class="link-action" href data-url="{{$.Link}}/{{.ID}}/close">{{svg "octicon-x" 16}} {{$.i18n.Tr "repo.milestones.close"}}</a>
{{end}}
<a class="delete-button" href="#" data-url="{{$.RepoLink}}/milestones/delete" data-id="{{.ID}}">{{svg "octicon-trashcan" 16}} {{$.i18n.Tr "repo.issues.label_delete"}}</a>
</div>
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
index 945cc90f0d..f3cac7befb 100644
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@@ -65,9 +65,15 @@
{{if and .IsSigned (ne .SignedUserName .Owner.Name)}}
<li class="follow">
{{if .SignedUser.IsFollowing .Owner.ID}}
- <a class="ui basic red button" href="{{.Link}}/action/unfollow?redirect_to={{$.Link}}">{{svg "octicon-person" 16}} {{.i18n.Tr "user.unfollow"}}</a>
+ <form method="post" action="{{.Link}}/action/unfollow?redirect_to={{$.Link}}">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui basic red button">{{svg "octicon-person" 16}} {{.i18n.Tr "user.unfollow"}}</button>
+ </form>
{{else}}
- <a class="ui basic green button" href="{{.Link}}/action/follow?redirect_to={{$.Link}}">{{svg "octicon-person" 16}} {{.i18n.Tr "user.follow"}}</a>
+ <form method="post" action="{{.Link}}/action/follow?redirect_to={{$.Link}}">
+ {{$.CsrfTokenHtml}}
+ <button type="submit" class="ui basic green button">{{svg "octicon-person" 16}} {{.i18n.Tr "user.follow"}}</button>
+ </form>
{{end}}
</li>
{{end}}
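Review bot: `redirect_to={{$.Link}}` travels in the form's action URL, so the follow/unfollow handler takes its post-action destination from the request. The handler is outside this view, but it should accept only a same-site path and fall back to the profile page otherwise. The watch and star forms in templates/repo/header.tmpl pass the same parameter and warrant the same check.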