From 5b978cc473cd1998cea8f214f771f1daabdedf99 Mon Sep 17 00:00:00 2001
From: HDVinnie <hdinnovations@protonmail.com>
Date: Thu, 23 Sep 2021 12:10:52 -0400
Subject: [PATCH] security: cross-site request forgery

---
 resources/views/partials/top_nav.blade.php | 11 ++++++++---
 routes/web.php                             |  2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/resources/views/partials/top_nav.blade.php b/resources/views/partials/top_nav.blade.php
index 8e6e82cd06..7df51a1d82 100644
--- a/resources/views/partials/top_nav.blade.php
+++ b/resources/views/partials/top_nav.blade.php
@@ -142,9 +142,14 @@ class="img-circle">
                         </a>
                     </li>
                     <li>
-                        <a href="{{ route('logout') }}">
-                            <i class="{{ config('other.font-awesome') }} fa-sign-out"></i> @lang('auth.logout')
-                        </a>
+                        <form role="form" method="POST" action="{{ route('logout') }}" style="background-color: #272634; clear: both; display: block; font-family: lato,sans-serif; font-weight: 400; line-height: 1.42857; padding: 6px 10px; white-space: nowrap; ">
+                            @csrf
+                            <div class="text-center">
+                                <button type="submit" class="btn btn-xs btn-danger">
+                                    <i class='{{ config('other.font-awesome') }} fa-sign-out'></i> @lang('auth.logout')
+                                </button>
+                            </div>
+                        </form>
                     </li>
                 </ul>
             </li>
diff --git a/routes/web.php b/routes/web.php
index 32126c5ec5..29e0b5649a 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -85,7 +85,7 @@
     Route::group(['middleware' => ['auth', 'twostep', 'banned']], function () {
 
         // General
-        Route::get('/logout', [App\Http\Controllers\Auth\LoginController::class, 'logout'])->name('logout');
+        Route::post('/logout', [App\Http\Controllers\Auth\LoginController::class, 'logout'])->name('logout');
         Route::get('/', [App\Http\Controllers\HomeController::class, 'index'])->name('home.index');
 
         // Achievements System