From cc1e68337d83bee673872f8f2a781c9d3d1b2843 Mon Sep 17 00:00:00 2001
From: HDVinnie <hdinnovations@protonmail.com>
Date: Thu, 23 Sep 2021 22:41:21 -0400
Subject: [PATCH] security: cross-site request forgery

- huntr bounty
---
 resources/views/article/show.blade.php        | 21 +++++++++++------
 .../views/mediahub/collection/show.blade.php  | 21 +++++++++++------
 resources/views/playlist/show.blade.php       | 21 +++++++++++------
 resources/views/requests/request.blade.php    | 23 +++++++++++--------
 resources/views/torrent/torrent.blade.php     | 22 +++++++++++-------
 routes/web.php                                |  2 +-
 6 files changed, 71 insertions(+), 39 deletions(-)

diff --git a/resources/views/article/show.blade.php b/resources/views/article/show.blade.php
index 90d92936aa..32dbf8d5da 100644
--- a/resources/views/article/show.blade.php
+++ b/resources/views/article/show.blade.php
@@ -81,13 +81,20 @@ class="pull-left" style="padding-right: 10px;">
                                                             href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
                                             <span class="text-muted"><small><em>{{$comment->created_at->diffForHumans() }}</em></small></span>
                                             @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-                                                <a title="@lang('common.delete-your-comment')"
-                                                   href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-                                                            class="pull-right btn btn-danger btn-xs {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
-                                                <a title="@lang('common.edit-your-comment')" data-toggle="modal"
-                                                   data-target="#modal-comment-edit-{{ $comment->id }}"><i
-                                                            class="pull-right btn btn-warning btn-xs {{ config('other.font-awesome') }} fa-pencil"
-                                                            aria-hidden="true"></i></a>
+                                                    <div class="pull-right" style="display: inline-block;">
+                                                        <a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+                                                            <button class="btn btn-circle btn-info">
+                                                                <i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+                                                            </button>
+                                                        </a>
+                                                        <form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+                                                            @csrf
+                                                            @method('DELETE')
+                                                            <button type="submit" class="btn btn-circle btn-danger">
+                                                                <i class="{{ config('other.font-awesome') }} fa-trash"></i>
+                                                            </button>
+                                                        </form>
+                                                    </div>
                                             @endif
                                             <div class="pt-5">
                                                 @joypixels($comment->getContentHtml())
diff --git a/resources/views/mediahub/collection/show.blade.php b/resources/views/mediahub/collection/show.blade.php
index 90138b07d0..39dcd2b471 100644
--- a/resources/views/mediahub/collection/show.blade.php
+++ b/resources/views/mediahub/collection/show.blade.php
@@ -137,13 +137,20 @@ class="pull-left" style="padding-right: 10px;">
                                                         href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
                                         <span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
                                         @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-                                            <a title="@lang('common.delete-comment')"
-                                               href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-                                                        class="pull-right {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
-                                            <a title="@lang('common.edit-comment')" data-toggle="modal"
-                                               data-target="#modal-comment-edit-{{ $comment->id }}"><i
-                                                        class="pull-right {{ config('other.font-awesome') }} fa-pencil"
-                                                        aria-hidden="true"></i></a>
+                                            <div class="pull-right" style="display: inline-block;">
+                                                <a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+                                                    <button class="btn btn-circle btn-info">
+                                                        <i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+                                                    </button>
+                                                </a>
+                                                <form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+                                                    @csrf
+                                                    @method('DELETE')
+                                                    <button type="submit" class="btn btn-circle btn-danger">
+                                                        <i class="{{ config('other.font-awesome') }} fa-trash"></i>
+                                                    </button>
+                                                </form>
+                                            </div>
                                         @endif
                                         <div class="pt-5">
                                             @joypixels($comment->getContentHtml())
diff --git a/resources/views/playlist/show.blade.php b/resources/views/playlist/show.blade.php
index 9c26914d27..060464947d 100644
--- a/resources/views/playlist/show.blade.php
+++ b/resources/views/playlist/show.blade.php
@@ -250,13 +250,20 @@ class="pull-left" style="padding-right: 10px;">
 																href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
 												<span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
 												@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-													<a title="@lang('common.delete-comment')"
-													   href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-																class="pull-right {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
-													<a title="@lang('common.edit-comment')" data-toggle="modal"
-													   data-target="#modal-comment-edit-{{ $comment->id }}"><i
-																class="pull-right {{ config('other.font-awesome') }} fa-pencil"
-																aria-hidden="true"></i></a>
+														<div class="pull-right" style="display: inline-block;">
+															<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+																<button class="btn btn-circle btn-info">
+																	<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+																</button>
+															</a>
+															<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+																@csrf
+																@method('DELETE')
+																<button type="submit" class="btn btn-circle btn-danger">
+																	<i class="{{ config('other.font-awesome') }} fa-trash"></i>
+																</button>
+															</form>
+														</div>
 												@endif
 												<div class="pt-5">
 													@joypixels($comment->getContentHtml())
diff --git a/resources/views/requests/request.blade.php b/resources/views/requests/request.blade.php
index 29549fc8ab..5116560280 100644
--- a/resources/views/requests/request.blade.php
+++ b/resources/views/requests/request.blade.php
@@ -408,15 +408,20 @@ class="img-avatar-48"></a>
                                                 @endif
                                                 <span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
                                                 @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-                                                    <a title="@lang('common.delete-your-comment')"
-                                                       href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-                                                                class="pull-right {{ config('other.font-awesome') }} fa-lg fa-times"
-                                                                aria-hidden="true"></i></a>
-                                                    <a title="@lang('common.edit-your-comment')"
-                                                       data-toggle="modal"
-                                                       data-target="#modal-comment-edit-{{ $comment->id }}"><i
-                                                                class="pull-right {{ config('other.font-awesome') }} fa-lg fa-pencil"
-                                                                aria-hidden="true"></i></a>
+                                                        <div class="pull-right" style="display: inline-block;">
+                                                            <a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+                                                                <button class="btn btn-circle btn-info">
+                                                                    <i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+                                                                </button>
+                                                            </a>
+                                                            <form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+                                                                @csrf
+                                                                @method('DELETE')
+                                                                <button type="submit" class="btn btn-circle btn-danger">
+                                                                    <i class="{{ config('other.font-awesome') }} fa-trash"></i>
+                                                                </button>
+                                                            </form>
+                                                        </div>
                                                 @endif
                                                 <div class="pt-5">
                                                     @joypixels($comment->getContentHtml())
diff --git a/resources/views/torrent/torrent.blade.php b/resources/views/torrent/torrent.blade.php
index 4ecbb3f85b..dba47b65dd 100644
--- a/resources/views/torrent/torrent.blade.php
+++ b/resources/views/torrent/torrent.blade.php
@@ -1047,14 +1047,20 @@ class="pull-left" style="padding-right: 10px;">
         																class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
         										<span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
         										@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-        											<a title="@lang('common.delete-comment')"
-        											   href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-        														class="pull-right {{ config('other.font-awesome') }} fa fa-times"
-        														aria-hidden="true"></i></a>
-        											<a title="@lang('common.edit-comment')" data-toggle="modal"
-        											   data-target="#modal-comment-edit-{{ $comment->id }}"><i
-        														class="pull-right {{ config('other.font-awesome') }} fa-pencil"
-        														aria-hidden="true"></i></a>
+                                                        <div class="pull-right" style="display: inline-block;">
+                                                            <a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+                                                                <button class="btn btn-circle btn-info">
+                                                                    <i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+                                                                </button>
+                                                            </a>
+                                                            <form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+                                                                @csrf
+                                                                @method('DELETE')
+                                                                <button type="submit" class="btn btn-circle btn-danger">
+                                                                    <i class="{{ config('other.font-awesome') }} fa-trash"></i>
+                                                                </button>
+                                                            </form>
+                                                        </div>
         										@endif
         										<div class="pt-5">
         											@joypixels($comment->getContentHtml())
diff --git a/routes/web.php b/routes/web.php
index 3e9947173a..5fb3264c6b 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -188,7 +188,7 @@
             Route::post('/collection/{id}', [App\Http\Controllers\CommentController::class, 'collection'])->name('comment_collection');
             Route::post('/ticket/{id}', [App\Http\Controllers\CommentController::class, 'ticket'])->name('comment_ticket');
             Route::post('/edit/{comment_id}', [App\Http\Controllers\CommentController::class, 'editComment'])->name('comment_edit');
-            Route::get('/delete/{comment_id}', [App\Http\Controllers\CommentController::class, 'deleteComment'])->name('comment_delete');
+            Route::delete('/delete/{comment_id}', [App\Http\Controllers\CommentController::class, 'deleteComment'])->name('comment_delete');
         });
 
         // Extra-Stats System