

security: cross-site request forgery
- huntr bounty
HDVinnie committed Sep 24, 2021
1 parent bde1c76 commit efb593e
Showing 3 changed files with 22 additions and 10 deletions.
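--- a/resources/views/Staff/chat/bot/index.blade.php
+++ b/resources/views/Staff/chat/bot/index.blade.php
@@ -54,11 +54,19 @@ class="btn btn-warning">@lang('common.edit')</a>
 
 @else
 @if($bot->active)
-<a href="{{ route('staff.bots.disable', ['id' => $bot->id]) }}"
-class="btn btn-danger">@lang('common.disable')</a>
+<form role="form" method="POST" action="{{ route('staff.bots.disable', ['id' => $bot->id]) }}" style="display: inline-block;">
+@csrf
+<button type="submit" class="btn btn-xs btn-warning">
+<i class='{{ config('other.font-awesome') }} fa-times-circle'></i> @lang('common.disable')
+</button>
+</form>
 @else
-<a href="{{ route('staff.bots.enable', ['id' => $bot->id]) }}"
-class="btn btn-success">@lang('common.enable')</a>
+<form role="form" method="POST" action="{{ route('staff.bots.enable', ['id' => $bot->id]) }}" style="display: inline-block;">
+@csrf
+<button type="submit" class="btn btn-xs btn-success">
+<i class='{{ config('other.font-awesome') }} fa-check-circle'></i> @lang('common.enable')
+</button>
+</form>
 @endif
 @endif
 </form>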
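Review bot: The two new `<form>` elements appear to be nested inside an enclosing form, because the context line `</form>` after the final `@endif` closes an element opened above the hunk; nested forms are invalid HTML and browsers discard the inner `<form>` start tag, so the disable/enable buttons would submit the outer form to its own action rather than to `staff.bots.disable`/`staff.bots.enable`, which would defeat the CSRF-protected POST this commit intends. If that is the case, close the outer form before these buttons so each action has its own non-nested form, or keep one form and give each submit button its own `formaction`. The disable button also switches from `btn-danger` to `btn-warning` while enable keeps `btn-success`; keep `btn-danger` unless the colour change is deliberate. The enclosing element starts outside the hunk.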
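--- a/resources/views/partials/dashboardmenu.blade.php
+++ b/resources/views/partials/dashboardmenu.blade.php
@@ -48,9 +48,13 @@
 </a>
 </li>
 <li>
-<a href="{{ route('staff.flush.chat') }}">
-<i class="{{ config('other.font-awesome') }} fa-broom"></i> @lang('staff.flush-chat')
-</a>
+<form role="form" method="POST" action="{{ route('staff.flush.chat') }}" style="padding: 10px 15px;">
+@csrf
+<i class="{{ config('other.font-awesome') }} fa-broom"></i>
+<button type="submit" class="btn btn-xs btn-info">
+@lang('staff.flush-chat')
+</button>
+</form>
 </li>
 
 <li class="nav-header head">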
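Review bot: The `fa-broom` icon on the line after `@csrf` now sits outside the `<button>`, so clicking the icon does nothing, whereas in the removed anchor icon and label were one clickable element; move the icon inside the button, `<button type="submit" class="btn btn-xs btn-info"><i class="{{ config('other.font-awesome') }} fa-broom"></i> @lang('staff.flush-chat')</button>`, so the whole menu entry behaves like its sibling links. The inline `style="padding: 10px 15px;"` presumably mirrors the padding the sibling anchors get from the stylesheet; a shared class would be cleaner than an inline style. The enclosing list starts outside the hunk.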
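--- a/routes/web.php
+++ b/routes/web.php
@@ -693,8 +693,8 @@
 Route::get('/bots/{id}/edit', [App\Http\Controllers\Staff\ChatBotController::class, 'edit'])->name('edit');
 Route::patch('/bots/{id}/update', [App\Http\Controllers\Staff\ChatBotController::class, 'update'])->name('update');
 Route::delete('/bots/{id}/destroy', [App\Http\Controllers\Staff\ChatBotController::class, 'destroy'])->name('destroy');
-Route::get('/bots/{id}/disable', [App\Http\Controllers\Staff\ChatBotController::class, 'disable'])->name('disable');
-Route::get('/bots/{id}/enable', [App\Http\Controllers\Staff\ChatBotController::class, 'enable'])->name('enable');
+Route::post('/bots/{id}/disable', [App\Http\Controllers\Staff\ChatBotController::class, 'disable'])->name('disable');
+Route::post('/bots/{id}/enable', [App\Http\Controllers\Staff\ChatBotController::class, 'enable'])->name('enable');
 });
 });
 
@@ -749,7 +749,7 @@
 Route::group(['prefix' => 'flush'], function () {
 Route::name('staff.flush.')->group(function () {
 Route::get('/peers', [App\Http\Controllers\Staff\FlushController::class, 'peers'])->name('peers');
-Route::get('/chat', [App\Http\Controllers\Staff\FlushController::class, 'chat'])->name('chat');
+Route::post('/chat', [App\Http\Controllers\Staff\FlushController::class, 'chat'])->name('chat');
 });
 });
 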
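Review bot: The `/peers` flush route on the context line directly above the changed `/chat` line stays `Route::get`; if `FlushController::peers` mutates state the way its sibling `chat` evidently does (its name and placement under `flush` suggest so, but the controller is not in view), it remains reachable by a plain GET, which Laravel's CSRF middleware never checks, so the same class of issue the commit fixes for `chat` is still present there. It should be converted the same way, `Route::post('/peers', [App\Http\Controllers\Staff\FlushController::class, 'peers'])->name('peers');`, together with whatever view links to it. The enable/disable change is consistent with the existing `Route::delete` for destroy; a state toggle could equally be `Route::patch`, but POST is fine as long as the views match. Both route groups start and end outside the hunks.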
