Merge branch 'FreshRSS/dev' into PostgreSQL

3 files changed, 5 insertions, 1 deletions

diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml
index 67507b88d..e8fdbf842 100644
--- a/app/layout/aside_feed.phtml
+++ b/app/layout/aside_feed.phtml
@@ -20,6 +20,7 @@
 	<?php } ?>
 
 	<form id="mark-read-aside" method="post">
+	<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 	<ul class="tree">
 		<li class="tree-folder category all<?php echo FreshRSS_Context::isCurrentGet('a') ? ' active' : ''; ?>">
 			<div class="tree-folder-title">
diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml
index 6906fa05f..189d93fbe 100644
--- a/app/layout/layout.phtml
+++ b/app/layout/layout.phtml
@@ -23,7 +23,7 @@
 <?php
 	flush();
 	if (isset($this->callbackBeforeContent)) {
-		call_user_func($this->callbackBeforeContent);
+		call_user_func($this->callbackBeforeContent, $this);
 	}
 ?>
 		<?php echo self::headTitle(); ?>
@@ -41,6 +41,8 @@
 		$url_rss['a'] = 'rss';
 ?>
 		<link rel="alternate" type="application/rss+xml" title="<?php echo $this->rss_title; ?>" href="<?php echo Minz_Url::display($url_rss); ?>" />
+<?php } if (!FreshRSS_Context::$system_conf->allow_referrer) { ?>
+		<meta name="referrer" content="never" />
 <?php } if (FreshRSS_Context::$system_conf->allow_robots) { ?>
 		<meta name="description" content="<?php echo htmlspecialchars(FreshRSS_Context::$name . ' | ' . FreshRSS_Context::$description, ENT_COMPAT, 'UTF-8'); ?>" />
 <?php } else { ?>
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index 92268ff67..17655acbf 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -88,6 +88,7 @@
 		        type="submit"><?php echo _t('gen.action.mark_read'); ?></button>
 
 		<div class="dropdown">
+			<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 			<div id="dropdown-read" class="dropdown-target"></div>
 
 			<a class="dropdown-toggle btn" href="#dropdown-read"><?php echo _i('down'); ?></a>