From e0c24cf8845e5c1fd2a1dd219693494267444a68 Mon Sep 17 00:00:00 2001 From: HDVinnie Date: Thu, 23 Sep 2021 11:49:02 -0400 Subject: [PATCH] security: cross-site request forgery --- resources/views/user/buttons/profile.blade.php | 9 ++++++--- routes/web.php | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/resources/views/user/buttons/profile.blade.php b/resources/views/user/buttons/profile.blade.php index 6f9ac8ac8b..624a59a3be 100644 --- a/resources/views/user/buttons/profile.blade.php +++ b/resources/views/user/buttons/profile.blade.php @@ -17,9 +17,12 @@ @endif @if((auth()->user()->private_profile == 0 || auth()->user()->private_profile == 0)) - - @lang('user.go-private') - +
+ @csrf + +
@else
@csrf
diff --git a/routes/web.php b/routes/web.php
index 5fea89b7d0..5a7847d7d1 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -343,7 +343,7 @@
 Route::post('/{username}/settings/change_twostep', [App\Http\Controllers\UserController::class, 'changeTwoStep'])->name('change_twostep');
 Route::post('/{username}/settings/hidden', [App\Http\Controllers\UserController::class, 'makeHidden'])->name('user_hidden');
 Route::post('/{username}/settings/visible', [App\Http\Controllers\UserController::class, 'makeVisible'])->name('user_visible');
- Route::get('/{username}/settings/private', [App\Http\Controllers\UserController::class, 'makePrivate'])->name('user_private');
+ Route::post('/{username}/settings/private', [App\Http\Controllers\UserController::class, 'makePrivate'])->name('user_private');
 Route::post('/{username}/settings/public', [App\Http\Controllers\UserController::class, 'makePublic'])->name('user_public');
 Route::post('/accept-rules', [App\Http\Controllers\UserController::class, 'acceptRules'])->name('accept.rules');
 Route::get('/{username}/seedboxes', [App\Http\Controllers\SeedboxController::class, 'index'])->name('seedboxes.index');
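Review bot: The `@if` that guards the new go-private form tests `auth()->user()->private_profile == 0` on both sides of `||`, so the second operand adds nothing; `@if (auth()->user()->private_profile == 0)` is equivalent, or, if the second test was meant to cover a different value, it should name that value. The line is unchanged context, but the new form now depends on it. The form's opening tag is not readable in this copy of the hunk, so it is worth confirming that it submits with POST to `user_private`, since routes/web.php no longer accepts GET for that route.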
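Review bot: A CSRF token on `user_private` does not decide whose profile is changed: the target still comes from `{username}` in the path, so `makePrivate`, which is outside this diff, has to compare that user with the authenticated one (or check a permission) before writing. The switch to `Route::post` only protects the action if the enclosing route group runs the CSRF-verifying middleware, and that group definition is also outside the hunk. A feature test would pin the fix, for example `$this->get(route('user_private', ['username' => $user->username]))->assertStatus(405);` plus a POST without a token that is expected to be rejected.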