

security: cross-site request forgery
- huntr bounty
HDVinnie committed Sep 24, 2021
1 parent 220db85 commit cc1e683
Showing 6 changed files with 71 additions and 39 deletions.
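--- a/resources/views/article/show.blade.php
+++ b/resources/views/article/show.blade.php
@@ -81,13 +81,20 @@ class="pull-left" style="padding-right: 10px;">
 href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
 <span class="text-muted"><small><em>{{$comment->created_at->diffForHumans() }}</em></small></span>
 @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-<a title="@lang('common.delete-your-comment')"
-href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-class="pull-right btn btn-danger btn-xs {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
-<a title="@lang('common.edit-your-comment')" data-toggle="modal"
-data-target="#modal-comment-edit-{{ $comment->id }}"><i
-class="pull-right btn btn-warning btn-xs {{ config('other.font-awesome') }} fa-pencil"
-aria-hidden="true"></i></a>
+<div class="pull-right" style="display: inline-block;">
+<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+<button class="btn btn-circle btn-info">
+<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+</button>
+</a>
+<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+@csrf
+@method('DELETE')
+<button type="submit" class="btn btn-circle btn-danger">
+<i class="{{ config('other.font-awesome') }} fa-trash"></i>
+</button>
+</form>
+</div>
 @endif
 <div class="pt-5">
 @joypixels($comment->getContentHtml())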
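Review bot: The `@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)` guard around the new delete form is a display-only check; the `@csrf` token and `@method('DELETE')` added here defend against a forged cross-site request but do not authorize the caller, so `CommentController::deleteComment` (not in this diff) must re-check comment ownership or `is_modo` on the server before deleting, and I would confirm it does. The same hunk is repeated in mediahub/collection/show.blade.php, playlist/show.blade.php, requests/request.blade.php and torrent/torrent.blade.php. Two smaller points: the ownership test uses loose `==`, and `$comment->user_id === auth()->id()` avoids type coercion if both values are integers; and the edit trigger `<a data-toggle="modal" ...>` now wraps a `<button>`, which is interactive content inside an anchor and invalid HTML — moving `data-toggle`/`data-target` onto the `<button>` and dropping the `<a>` keeps the behaviour. The enclosing comment loop starts and ends outside the hunk.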
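--- a/resources/views/mediahub/collection/show.blade.php
+++ b/resources/views/mediahub/collection/show.blade.php
@@ -137,13 +137,20 @@ class="pull-left" style="padding-right: 10px;">
 href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
 <span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
 @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-<a title="@lang('common.delete-comment')"
-href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-class="pull-right {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
-<a title="@lang('common.edit-comment')" data-toggle="modal"
-data-target="#modal-comment-edit-{{ $comment->id }}"><i
-class="pull-right {{ config('other.font-awesome') }} fa-pencil"
-aria-hidden="true"></i></a>
+<div class="pull-right" style="display: inline-block;">
+<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+<button class="btn btn-circle btn-info">
+<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+</button>
+</a>
+<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+@csrf
+@method('DELETE')
+<button type="submit" class="btn btn-circle btn-danger">
+<i class="{{ config('other.font-awesome') }} fa-trash"></i>
+</button>
+</form>
+</div>
 @endif
 <div class="pt-5">
 @joypixels($comment->getContentHtml())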
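--- a/resources/views/playlist/show.blade.php
+++ b/resources/views/playlist/show.blade.php
@@ -250,13 +250,20 @@ class="pull-left" style="padding-right: 10px;">
 href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
 <span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
 @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-<a title="@lang('common.delete-comment')"
-href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-class="pull-right {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
-<a title="@lang('common.edit-comment')" data-toggle="modal"
-data-target="#modal-comment-edit-{{ $comment->id }}"><i
-class="pull-right {{ config('other.font-awesome') }} fa-pencil"
-aria-hidden="true"></i></a>
+<div class="pull-right" style="display: inline-block;">
+<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+<button class="btn btn-circle btn-info">
+<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+</button>
+</a>
+<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+@csrf
+@method('DELETE')
+<button type="submit" class="btn btn-circle btn-danger">
+<i class="{{ config('other.font-awesome') }} fa-trash"></i>
+</button>
+</form>
+</div>
 @endif
 <div class="pt-5">
 @joypixels($comment->getContentHtml())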
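--- a/resources/views/requests/request.blade.php
+++ b/resources/views/requests/request.blade.php
@@ -408,15 +408,20 @@ class="img-avatar-48"></a>
 @endif
 <span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
 @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-<a title="@lang('common.delete-your-comment')"
-href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-class="pull-right {{ config('other.font-awesome') }} fa-lg fa-times"
-aria-hidden="true"></i></a>
-<a title="@lang('common.edit-your-comment')"
-data-toggle="modal"
-data-target="#modal-comment-edit-{{ $comment->id }}"><i
-class="pull-right {{ config('other.font-awesome') }} fa-lg fa-pencil"
-aria-hidden="true"></i></a>
+<div class="pull-right" style="display: inline-block;">
+<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+<button class="btn btn-circle btn-info">
+<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+</button>
+</a>
+<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+@csrf
+@method('DELETE')
+<button type="submit" class="btn btn-circle btn-danger">
+<i class="{{ config('other.font-awesome') }} fa-trash"></i>
+</button>
+</form>
+</div>
 @endif
 <div class="pt-5">
 @joypixels($comment->getContentHtml())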
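--- a/resources/views/torrent/torrent.blade.php
+++ b/resources/views/torrent/torrent.blade.php
@@ -1047,14 +1047,20 @@ class="pull-left" style="padding-right: 10px;">
 class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
 <span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
 @if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
-<a title="@lang('common.delete-comment')"
-href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
-class="pull-right {{ config('other.font-awesome') }} fa fa-times"
-aria-hidden="true"></i></a>
-<a title="@lang('common.edit-comment')" data-toggle="modal"
-data-target="#modal-comment-edit-{{ $comment->id }}"><i
-class="pull-right {{ config('other.font-awesome') }} fa-pencil"
-aria-hidden="true"></i></a>
+<div class="pull-right" style="display: inline-block;">
+<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
+<button class="btn btn-circle btn-info">
+<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
+</button>
+</a>
+<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
+@csrf
+@method('DELETE')
+<button type="submit" class="btn btn-circle btn-danger">
+<i class="{{ config('other.font-awesome') }} fa-trash"></i>
+</button>
+</form>
+</div>
 @endif
 <div class="pt-5">
 @joypixels($comment->getContentHtml())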
2 changes: 1 addition & 1 deletion routes/web.php
Expand Up @@ -188,7 +188,7 @@
Route::post('/collection/{id}', [App\Http\Controllers\CommentController::class, 'collection'])->name('comment_collection');
Route::post('/ticket/{id}', [App\Http\Controllers\CommentController::class, 'ticket'])->name('comment_ticket');
Route::post('/edit/{comment_id}', [App\Http\Controllers\CommentController::class, 'editComment'])->name('comment_edit');
Route::get('/delete/{comment_id}', [App\Http\Controllers\CommentController::class, 'deleteComment'])->name('comment_delete');
Route::delete('/delete/{comment_id}', [App\Http\Controllers\CommentController::class, 'deleteComment'])->name('comment_delete');
});

// Extra-Stats System
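Review bot: Switching `Route::get` to `Route::delete` for `comment_delete` only yields CSRF protection if this route group sits under Laravel's `web` middleware group, which is where `VerifyCsrfToken` is applied; the group declaration and its middleware list are above the hunk, so that should be confirmed rather than assumed. Any other template or script that still reaches `comment_delete` with a plain GET link will now receive a 405, so a repository-wide search for `route('comment_delete'` beyond the five views changed in this commit is worthwhile. The verb change does not add authorization either: `CommentController::deleteComment` still needs to verify that the caller owns the comment or is a moderator, since the views only hide the button. The enclosing route group closes at the `});` on the last hunk line but opens outside it.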
