aboutsummaryrefslogtreecommitdiff
path: root/app/views/user/profile.phtml
diff options
context:
space:
mode:
Diffstat (limited to 'app/views/user/profile.phtml')
-rw-r--r--app/views/user/profile.phtml12
1 files changed, 3 insertions, 9 deletions
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index 7ae2c7ede..429375e44 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -4,6 +4,7 @@
<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
<form method="post" action="<?php echo _url('user', 'profile'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('conf.profile'); ?></legend>
<div class="form-group">
@@ -37,19 +38,11 @@
<input type="password" id="apiPasswordPlain" name="apiPasswordPlain" autocomplete="off" pattern=".{7,}" <?php echo cryptAvailable() ? '' : 'disabled="disabled" '; ?>/>
<a class="btn toggle-password" data-toggle="apiPasswordPlain"><?php echo _i('key'); ?></a>
</div>
+ <?php echo _i('help'); ?> <kbd><a href="../api/"><?php echo Minz_Url::display('/api/greader.php', 'html', true); ?></a></kbd>
</div>
</div>
<?php } ?>
- <div class="form-group">
- <label class="group-name" for="mail_login"><?php echo _t('conf.profile.email_persona'); ?></label>
- <?php $mail = FreshRSS_Context::$user_conf->mail_login; ?>
- <div class="group-controls">
- <input type="email" id="mail_login" name="mail_login" class="extend" autocomplete="off" value="<?php echo $mail; ?>" <?php echo FreshRSS_Auth::hasAccess('admin') ? '' : 'disabled="disabled"'; ?> placeholder="alice@example.net" />
- <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
- </div>
- </div>
-
<div class="form-group form-actions">
<div class="group-controls">
<button type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
@@ -60,6 +53,7 @@
<?php if (!FreshRSS_Auth::hasAccess('admin')) { ?>
<form id="crypto-form" method="post" action="<?php echo _url('user', 'delete'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('conf.profile.delete'); ?></legend>
<p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('conf.profile.delete.warn'); ?></p>
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 10:05:01 +0000