diff options
| author |  Inverle <inverle@proton.me>
| 2025-09-24 12:13:40 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-09-24 12:13:40 +0200 |
| commit | f612a560d28a31095c27c130e84bf6ff39f061f5 (patch) | |
| tree | 53aeb904bb39ce9365342eb80c9dab54079c5696 /app/layout | |
| parent | 067479a9f16cb91753acfd1fea5d0a18106e1c44 (diff) | |
Fix some CSRFs (#8000)
In two bookmark actions and one in `entryController`
Completes one TODO from #7923:
https://github.com/FreshRSS/FreshRSS/blob/de624dc8ce63ec819c61216d9d44f828841c293e/app/Controllers/entryController.php#L257
(a POST request is already sent in the frontend)
Diffstat (limited to 'app/layout')
| -rw-r--r-- | app/layout/nav_menu.phtml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml index 11efa5763..2f09465aa 100644 --- a/app/layout/nav_menu.phtml +++ b/app/layout/nav_menu.phtml @@ -96,7 +96,7 @@ $url_query['c'] = 'configure'; $url_query['a'] = 'bookmarkQuery'; ?> - <li class="item<?= $classSeparator ?>"><a href="<?= Minz_Url::display($url_query) ?>"><?= _i('bookmark-add') ?> <?= _t('index.menu.bookmark_query') ?></a></li> + <li class="item<?= $classSeparator ?>"><button class="as-link" form="post-csrf" formaction="<?= Minz_Url::display($url_query) ?>"><?= _i('bookmark-add') ?> <?= _t('index.menu.bookmark_query') ?></button></li> </ul> <a class="dropdown-close" href="#close">❌</a> </div> |