From 9d49c536d00a259740b814a5b37af02ceff6c617 Mon Sep 17 00:00:00 2001
From: HDVinnie
Date: Thu, 23 Sep 2021 13:34:20 -0400
Subject: [PATCH] security: cross-site request forgery - huntr bounty
---
 resources/views/torrent/torrent.blade.php | 10 ++++++----
 routes/web.php | 2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/resources/views/torrent/torrent.blade.php b/resources/views/torrent/torrent.blade.php
index b84162d59c..4ecbb3f85b 100644
--- a/resources/views/torrent/torrent.blade.php
+++ b/resources/views/torrent/torrent.blade.php
@@ -691,10 +691,12 @@ class="btn btn-primary btn-xs" role="button"> @else - - @lang('torrent.revokefeatured') - +
+ @csrf + +
 @endif @endif
diff --git a/routes/web.php b/routes/web.php
index 7546103625..026d83dc10 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -273,7 +273,7 @@
 Route::get('/{id}/bumpTorrent', [App\Http\Controllers\TorrentController::class, 'bumpTorrent'])->name('bumpTorrent');
 Route::get('/{id}/torrent_sticky', [App\Http\Controllers\TorrentController::class, 'sticky'])->name('torrent_sticky');
 Route::post('/{id}/torrent_feature', [App\Http\Controllers\TorrentController::class, 'grantFeatured'])->name('torrent_feature');
- Route::get('/{id}/torrent_revokefeature', [App\Http\Controllers\TorrentController::class, 'revokeFeatured'])->name('torrent_revokefeature');
+ Route::post('/{id}/torrent_revokefeature', [App\Http\Controllers\TorrentController::class, 'revokeFeatured'])->name('torrent_revokefeature');
 Route::get('/{id}/reseed', [App\Http\Controllers\TorrentController::class, 'reseedTorrent'])->name('reseed');
 Route::post('/{id}/tip_uploader', [App\Http\Controllers\BonusController::class, 'tipUploader'])->name('tip_uploader');
 Route::get('/{id}/freeleech_token', [App\Http\Controllers\TorrentController::class, 'freeleechToken'])->name('freeleech_token');
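Review bot: The context routes around the changed line — `bumpTorrent`, `torrent_sticky`, `reseed` and `freeleech_token` — are still registered with `Route::get`, so Laravel's CSRF token check, which only runs on non-read verbs, never applies to them. Their controller bodies are not visible in this hunk, but the names suggest each one changes state; if so they need the same treatment as `torrent_revokefeature`, e.g. `Route::post('/{id}/torrent_sticky', [App\Http\Controllers\TorrentController::class, 'sticky'])->name('torrent_sticky');` together with a form carrying `@csrf` in the view. It is also worth searching the templates for any remaining plain link to `route('torrent_revokefeature', ...)`, since a GET to that URL now fails with 405 instead of revoking.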