Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
security: cross-site request forgery
  • Loading branch information
HDVinnie committed Sep 23, 2021
1 parent 2ea49b1 commit 0ceb9ce
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 4 deletions.
9 changes: 6 additions & 3 deletions resources/views/user/buttons/profile.blade.php
Expand Up @@ -2,9 +2,12 @@
<div class="button-left">
@if(auth()->user()->id == $user->id)
@if((!auth()->user()->hidden || auth()->user()->hidden == 0))
<a href="{{ route('user_hidden', ['username' => $user->username]) }}" class="btn btn-sm btn-danger">
<i class='{{ config('other.font-awesome') }} fa-eye-slash'></i> @lang('user.become-hidden')
</a>
<form role="form" method="POST" action="{{ route('user_hidden', ['username' => $user->username]) }}" style="display: inline-block;">
@csrf
<button type="submit" class="btn btn-sm btn-danger">
<i class='{{ config('other.font-awesome') }} fa-eye-slash'></i> @lang('user.become-hidden')
</button>
</form>
@else
<form role="form" method="POST" action="{{ route('user_visible', ['username' => $user->username]) }}" style="display: inline-block;">
@csrf
Expand Down
2 changes: 1 addition & 1 deletion routes/web.php
Expand Up @@ -341,7 +341,7 @@
Route::post('/{username}/settings/privacy/request', [App\Http\Controllers\UserController::class, 'changeRequest'])->name('privacy_request');
Route::post('/{username}/settings/privacy/other', [App\Http\Controllers\UserController::class, 'changeOther'])->name('privacy_other');
Route::post('/{username}/settings/change_twostep', [App\Http\Controllers\UserController::class, 'changeTwoStep'])->name('change_twostep');
Route::get('/{username}/settings/hidden', [App\Http\Controllers\UserController::class, 'makeHidden'])->name('user_hidden');
Route::post('/{username}/settings/hidden', [App\Http\Controllers\UserController::class, 'makeHidden'])->name('user_hidden');
Route::post('/{username}/settings/visible', [App\Http\Controllers\UserController::class, 'makeVisible'])->name('user_visible');
Route::get('/{username}/settings/private', [App\Http\Controllers\UserController::class, 'makePrivate'])->name('user_private');
Route::get('/{username}/settings/public', [App\Http\Controllers\UserController::class, 'makePublic'])->name('user_public');
Expand Down

0 comments on commit 0ceb9ce

Please sign in to comment.