aboutsummaryrefslogtreecommitdiff
path: root/app/views/user/profile.phtml
diff options
context:
space:
mode:
authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 17:49:31 +0200
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2016-08-13 17:49:31 +0200
commite6fd34bdda5d067a9e74714aaae10c89ed998a46 (patch)
tree1a82e54e636f856983e8cd94ec00247eb9987b27 /app/views/user/profile.phtml
parent97efdcac1e38c568b6be313120694e7201d4c69c (diff)
CSRF token, update HTTP Referrer policy to same-origin
https://www.w3.org/TR/referrer-policy/#referrer-policy-no-referrer https://github.com/FreshRSS/FreshRSS/issues/570 https://github.com/FreshRSS/FreshRSS/issues/955 https://github.com/FreshRSS/FreshRSS/issues/1198 https://github.com/FreshRSS/FreshRSS/issues/565 https://github.com/FreshRSS/FreshRSS/issues/554
Diffstat (limited to 'app/views/user/profile.phtml')
-rw-r--r--app/views/user/profile.phtml2
1 files changed, 2 insertions, 0 deletions
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index 51a5aed2f..429375e44 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -4,6 +4,7 @@
<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
<form method="post" action="<?php echo _url('user', 'profile'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('conf.profile'); ?></legend>
<div class="form-group">
@@ -52,6 +53,7 @@
<?php if (!FreshRSS_Auth::hasAccess('admin')) { ?>
<form id="crypto-form" method="post" action="<?php echo _url('user', 'delete'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('conf.profile.delete'); ?></legend>
<p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('conf.profile.delete.warn'); ?></p>
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-28 03:20:48 +0000