path: root/app/views/user
Diffstat (limited to 'app/views/user')
-rw-r--r--app/views/user/manage.phtml10
-rw-r--r--app/views/user/profile.phtml12
2 files changed, 5 insertions, 17 deletions
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index fe1b6618b..aab3aa4c4 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -4,6 +4,7 @@
<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
<form method="post" action="<?php echo _url('user', 'create'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('admin.user.create'); ?></legend>
<div class="form-group">
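Review bot: The new `_csrf` hidden field on the `user/create` form echoes `FreshRSS_Auth::csrfToken()` straight into an attribute value; unless the token alphabet is guaranteed to be attribute-safe, escape it as `value="<?php echo htmlspecialchars(FreshRSS_Auth::csrfToken(), ENT_QUOTES, 'UTF-8'); ?>"`. The same line is added to the `user/delete` form later in this file and to the `user/profile` and `user/delete` forms in profile.phtml. The field only protects these state-changing actions if the receiving controller actions reject a POST whose `_csrf` is missing or does not match (compared with `hash_equals()`); that code is outside this view-only diff and should be confirmed there. The form body continues past the end of this hunk.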
@@ -37,14 +38,6 @@
</div>
</div>
- <div class="form-group">
- <label class="group-name" for="new_user_email"><?php echo _t('admin.user.email_persona'); ?></label>
- <?php $mail = FreshRSS_Context::$user_conf->mail_login; ?>
- <div class="group-controls">
- <input type="email" id="new_user_email" name="new_user_email" class="extend" autocomplete="off" placeholder="alice@example.net" />
- </div>
- </div>
-
<div class="form-group form-actions">
<div class="group-controls">
<button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button>
@@ -54,6 +47,7 @@
</form>
<form method="post" action="<?php echo _url('user', 'delete'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('admin.user.users'); ?></legend>
<div class="form-group">
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml
index 7ae2c7ede..429375e44 100644
--- a/app/views/user/profile.phtml
+++ b/app/views/user/profile.phtml
@@ -4,6 +4,7 @@
<a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a>
<form method="post" action="<?php echo _url('user', 'profile'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('conf.profile'); ?></legend>
<div class="form-group">
@@ -37,19 +38,11 @@
<input type="password" id="apiPasswordPlain" name="apiPasswordPlain" autocomplete="off" pattern=".{7,}" <?php echo cryptAvailable() ? '' : 'disabled="disabled" '; ?>/>
<a class="btn toggle-password" data-toggle="apiPasswordPlain"><?php echo _i('key'); ?></a>
</div>
+ <?php echo _i('help'); ?> <kbd><a href="../api/"><?php echo Minz_Url::display('/api/greader.php', 'html', true); ?></a></kbd>
</div>
</div>
<?php } ?>
- <div class="form-group">
- <label class="group-name" for="mail_login"><?php echo _t('conf.profile.email_persona'); ?></label>
- <?php $mail = FreshRSS_Context::$user_conf->mail_login; ?>
- <div class="group-controls">
- <input type="email" id="mail_login" name="mail_login" class="extend" autocomplete="off" value="<?php echo $mail; ?>" <?php echo FreshRSS_Auth::hasAccess('admin') ? '' : 'disabled="disabled"'; ?> placeholder="alice@example.net" />
- <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript>
- </div>
- </div>
-
<div class="form-group form-actions">
<div class="group-controls">
<button type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button>
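Review bot: The added help line shows the absolute `/api/greader.php` URL as link text but points the anchor at the hard-coded relative `../api/`, so the address a user reads and the page a click opens differ, and the relative href depends on the path depth this view is served from. Consider building the href with the same helper, e.g. `<a href="<?php echo Minz_Url::display('/api/', 'html', true); ?>">`. Users will presumably paste the displayed URL into API clients together with the API password, so the absolute form should come from the configured base URL rather than from request headers; how `Minz_Url::display` derives it is not visible here and is worth confirming. The enclosing `if` block and form start outside this hunk.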
@@ -60,6 +53,7 @@
<?php if (!FreshRSS_Auth::hasAccess('admin')) { ?>
<form id="crypto-form" method="post" action="<?php echo _url('user', 'delete'); ?>">
+ <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('conf.profile.delete'); ?></legend>
<p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('conf.profile.delete.warn'); ?></p>