diff options
Diffstat (limited to 'app/views')
28 files changed, 89 insertions, 144 deletions
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index b0083944f..4bbc8ed55 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -6,6 +6,7 @@ <?php } ?> <form id="crypto-form" method="post" action="<?php echo _url('auth', 'login'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <div> <label for="username"><?php echo _t('gen.auth.username'); ?></label> <input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" /> diff --git a/app/views/auth/index.phtml b/app/views/auth/index.phtml index 8e4df8c2c..74e692ec5 100644 --- a/app/views/auth/index.phtml +++ b/app/views/auth/index.phtml @@ -4,17 +4,17 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('auth', 'index'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('admin.auth.type'); ?></legend> <div class="form-group"> <label class="group-name" for="auth_type"><?php echo _t('admin.auth.type'); ?></label> <div class="group-controls"> <select id="auth_type" name="auth_type" required="required" data-leave-validation="<?php echo FreshRSS_Context::$system_conf->auth_type; ?>"> - <?php if (!in_array(FreshRSS_Context::$system_conf->auth_type, array('form', 'persona', 'http_auth', 'none'))) { ?> + <?php if (!in_array(FreshRSS_Context::$system_conf->auth_type, array('form', 'http_auth', 'none'))) { ?> <option selected="selected"></option> <?php } ?> <option value="form"<?php echo FreshRSS_Context::$system_conf->auth_type === 'form' ? ' selected="selected"' : '', cryptAvailable() ? '' : ' disabled="disabled"'; ?>><?php echo _t('admin.auth.form'); ?></option> - <option value="persona"<?php echo FreshRSS_Context::$system_conf->auth_type === 'persona' ? ' selected="selected"' : '', FreshRSS_Context::$user_conf->mail_login == '' ? ' disabled="disabled"' : ''; ?>><?php echo _t('admin.auth.persona'); ?></option> <option value="http_auth"<?php echo FreshRSS_Context::$system_conf->auth_type === 'http_auth' ? ' selected="selected"' : '', httpAuthUser() == '' ? ' disabled="disabled"' : ''; ?>><?php echo _t('admin.auth.http'); ?> (REMOTE_USER = '<?php echo httpAuthUser(); ?>')</option> <option value="none"<?php echo FreshRSS_Context::$system_conf->auth_type === 'none' ? ' selected="selected"' : ''; ?>><?php echo _t('admin.auth.none'); ?></option> </select> diff --git a/app/views/auth/personaLogin.phtml b/app/views/auth/personaLogin.phtml deleted file mode 100644 index c6d738bf6..000000000 --- a/app/views/auth/personaLogin.phtml +++ /dev/null @@ -1,28 +0,0 @@ -<?php if ($this->res === false) { ?> -<div class="prompt"> - <h1><?php echo _t('gen.auth.login'); ?></h1> - - <?php if (!max_registrations_reached()) { ?> - <a href="<?php echo _url('auth', 'register'); ?>"><?php echo _t('gen.auth.registration.ask'); ?></a> - <?php } ?> - - <p> - <a class="signin btn btn-important" href="<?php echo _url('auth', 'login'); ?>"> - <?php echo _i('login'); ?> <?php echo _t('gen.auth.login_persona'); ?> - </a> - - <br /><br /> - - <?php echo _i('help'); ?> - <small> - <a href="<?php echo _url('auth', 'reset'); ?>"><?php echo _t('gen.auth.login_persona_problem'); ?></a> - </small> - </p> - - <p><a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('gen.freshrss.about'); ?></a></p> -</div> -<?php -} else { - echo json_encode($this->res); -} -?> diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index 306679601..1f9976391 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -1,38 +1,34 @@ <div class="prompt"> - <h1><?php echo _t('gen.auth.registration'); ?></h1> + <h1><?php echo _t('gen.auth.registration'); ?></h1> - <form method="post" action="<?php echo _url('user', 'create'); ?>"> - <div> - <label class="group-name" for="new_user_name"><?php echo _t('gen.auth.username'), '<br />', _i('help'), ' ', _t('gen.auth.username.format'); ?></label> - <input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z]{1,16}" /> - </div> + <form method="post" action="<?php echo _url('user', 'create'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> + <div> + <label class="group-name" for="new_user_name"><?php echo _t('gen.auth.username'), '<br />', _i('help'), ' ', _t('gen.auth.username.format'); ?></label> + <input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z]{1,16}" /> + </div> - <div> - <label class="group-name" for="new_user_passwordPlain"><?php echo _t('gen.auth.password'), '<br />', _i('help'), ' ', _t('gen.auth.password.format'); ?></label> - <div class="stick"> - <input type="password" id="new_user_passwordPlain" name="new_user_passwordPlain" required="required" autocomplete="off" pattern=".{7,}" /> - <a class="btn toggle-password" data-toggle="new_user_passwordPlain"><?php echo _i('key'); ?></a> - </div> - <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript> - </div> + <div> + <label class="group-name" for="new_user_passwordPlain"><?php echo _t('gen.auth.password'), '<br />', _i('help'), ' ', _t('gen.auth.password.format'); ?></label> + <div class="stick"> + <input type="password" id="new_user_passwordPlain" name="new_user_passwordPlain" required="required" autocomplete="off" pattern=".{7,}" /> + <a class="btn toggle-password" data-toggle="new_user_passwordPlain"><?php echo _i('key'); ?></a> + </div> + <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript> + </div> - <div> - <label class="group-name" for="new_user_email"><?php echo _t('gen.auth.email'); ?></label> - <input type="email" id="new_user_email" name="new_user_email" class="extend" required="required" autocomplete="off" /> - </div> + <div> + <?php + $redirect_url = urlencode(Minz_Url::display( + array('c' => 'index', 'a' => 'index'), + 'php', true + )); + ?> + <input type="hidden" name="r" value="<?php echo $redirect_url; ?>" /> + <button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button> + <a class="btn" href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.cancel'); ?></a> + </div> + </form> - <div> - <?php - $redirect_url = urlencode(Minz_Url::display( - array('c' => 'index', 'a' => 'index'), - 'php', true - )); - ?> - <input type="hidden" name="r" value="<?php echo $redirect_url; ?>" /> - <button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button> - <a class="btn" href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.cancel'); ?></a> - </div> - </form> - - <p><a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('gen.freshrss.about'); ?></a></p> + <p><a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('gen.freshrss.about'); ?></a></p> </div> diff --git a/app/views/auth/reset.phtml b/app/views/auth/reset.phtml deleted file mode 100644 index 9c820c7c8..000000000 --- a/app/views/auth/reset.phtml +++ /dev/null @@ -1,33 +0,0 @@ -<div class="prompt"> - <h1><?php echo _t('gen.auth.reset'); ?></h1> - - <?php if (!empty($this->message)) { ?> - <p class="alert <?php echo $this->message['status'] === 'bad' ? 'alert-error' : 'alert-warn'; ?>"> - <span class="alert-head"><?php echo $this->message['title']; ?></span><br /> - <?php echo $this->message['body']; ?> - </p> - <?php } ?> - - <?php if (!$this->no_form) { ?> - <form id="crypto-form" method="post" action="<?php echo _url('auth', 'reset'); ?>"> - <p class="alert alert-warn"> - <span class="alert-head"><?php echo _t('gen.short.attention'); ?></span><br /> - <?php echo _t('gen.auth.will_reset'); ?> - </p> - - <div> - <label for="username"><?php echo _t('gen.auth.username.admin'); ?></label> - <input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" /> - </div> - <div> - <label for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label> - <input type="password" id="passwordPlain" required="required" /> - <input type="hidden" id="challenge" name="challenge" /><br /> - <noscript><strong><?php echo _t('gen.js.should_be_activated'); ?></strong></noscript> - </div> - <div> - <button id="loginButton" type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button> - </div> - </form> - <?php } ?> -</div> diff --git a/app/views/configure/archiving.phtml b/app/views/configure/archiving.phtml index 52ee98a48..2254f5dba 100644 --- a/app/views/configure/archiving.phtml +++ b/app/views/configure/archiving.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('configure', 'archiving'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.archiving'); ?></legend> <p><?php echo _i('help'); ?> <?php echo _t('conf.archiving.help'); ?></p> @@ -55,6 +56,7 @@ </form> <form method="post" action="<?php echo _url('entry', 'optimize'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.archiving.advanced'); ?></legend> <div class="form-group"> diff --git a/app/views/configure/display.phtml b/app/views/configure/display.phtml index db6d7951c..62ecc1080 100644 --- a/app/views/configure/display.phtml +++ b/app/views/configure/display.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('configure', 'display'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.display'); ?></legend> <div class="form-group"> diff --git a/app/views/configure/queries.phtml b/app/views/configure/queries.phtml index 50df4cfea..0dffa268d 100644 --- a/app/views/configure/queries.phtml +++ b/app/views/configure/queries.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('configure', 'queries'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.query'); ?></legend> <?php foreach ($this->queries as $key => $query) { ?> diff --git a/app/views/configure/reading.phtml b/app/views/configure/reading.phtml index 9c54b6bd5..07dabf15f 100644 --- a/app/views/configure/reading.phtml +++ b/app/views/configure/reading.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('configure', 'reading'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.reading'); ?></legend> <div class="form-group"> diff --git a/app/views/configure/sharing.phtml b/app/views/configure/sharing.phtml index 7bf435777..0dad5bf6d 100644 --- a/app/views/configure/sharing.phtml +++ b/app/views/configure/sharing.phtml @@ -15,6 +15,7 @@ <a href="#" class="remove btn btn-attention" data-remove="group-share-##key##"><?php echo _i('close'); ?></a></div> <a target="_blank" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="##help##"><?php echo _i('help'); ?></a> </div></div>'> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.sharing'); ?></legend> <?php foreach (FreshRSS_Context::$user_conf->sharing as $key => $share_options) { diff --git a/app/views/configure/shortcut.phtml b/app/views/configure/shortcut.phtml index 264a5f805..dceeb17de 100644 --- a/app/views/configure/shortcut.phtml +++ b/app/views/configure/shortcut.phtml @@ -12,6 +12,7 @@ <?php $s = FreshRSS_Context::$user_conf->shortcuts; ?> <form method="post" action="<?php echo _url('configure', 'shortcut'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.shortcut'); ?></legend> <noscript><p class="alert alert-error"><?php echo _t('conf.shortcut.javascript'); ?></p></noscript> diff --git a/app/views/configure/system.phtml b/app/views/configure/system.phtml index 4af669eb0..935b49fda 100644 --- a/app/views/configure/system.phtml +++ b/app/views/configure/system.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('configure', 'system'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('admin.system'); ?></legend> <div class="form-group"> diff --git a/app/views/entry/bookmark.phtml b/app/views/entry/bookmark.phtml index 6b5a4ed03..d85706669 100755 --- a/app/views/entry/bookmark.phtml +++ b/app/views/entry/bookmark.phtml @@ -1,17 +1,16 @@ <?php header('Content-Type: application/json; charset=UTF-8'); -if (Minz_Request::param('is_favorite', true)) { - Minz_Request::_param('is_favorite', 0); -} else { - Minz_Request::_param('is_favorite', 1); -} - -$url = Minz_Url::display(array( +$url = array( 'c' => Minz_Request::controllerName(), 'a' => Minz_Request::actionName(), - 'params' => Minz_Request::params(), -)); + 'params' => Minz_Request::fetchGET(), +); + +$url['params']['is_favorite'] = Minz_Request::param('is_favorite', true) ? '0' : '1'; FreshRSS::loadStylesAndScripts(); -echo json_encode(array('url' => str_ireplace('&', '&', $url), 'icon' => _i(Minz_Request::param('is_favorite') ? 'non-starred' : 'starred'))); +echo json_encode(array( + 'url' => str_ireplace('&', '&', Minz_Url::display($url)), + 'icon' => _i($url['params']['is_favorite'] === '1' ? 'non-starred' : 'starred') + )); diff --git a/app/views/entry/read.phtml b/app/views/entry/read.phtml index 7d0e3de82..73977d94b 100755 --- a/app/views/entry/read.phtml +++ b/app/views/entry/read.phtml @@ -1,17 +1,16 @@ <?php header('Content-Type: application/json; charset=UTF-8'); -if (Minz_Request::param('is_read', true)) { - Minz_Request::_param('is_read', 0); -} else { - Minz_Request::_param('is_read', 1); -} - -$url = Minz_Url::display(array( +$url = array( 'c' => Minz_Request::controllerName(), 'a' => Minz_Request::actionName(), - 'params' => Minz_Request::params(), -)); + 'params' => Minz_Request::fetchGET(), +); + +$url['params']['is_read'] = Minz_Request::param('is_read', true) ? '0' : '1'; FreshRSS::loadStylesAndScripts(); -echo json_encode(array('url' => str_ireplace('&', '&', $url), 'icon' => _i(Minz_Request::param('is_read') ? 'unread' : 'read'))); +echo json_encode(array( + 'url' => str_ireplace('&', '&', Minz_Url::display($url)), + 'icon' => _i($url['params']['is_read'] === '1' ? 'unread' : 'read') + )); diff --git a/app/views/extension/index.phtml b/app/views/extension/index.phtml index 4b0d5ebeb..7cb16bfff 100644 --- a/app/views/extension/index.phtml +++ b/app/views/extension/index.phtml @@ -5,7 +5,8 @@ <h1><?php echo _t('admin.extensions.title'); ?></h1> - <form id="form-extension" method="post" aria-hidden="true"></form> + <form id="form-extension" method="post"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <?php if (!empty($this->extension_list['system'])) { ?> <h2><?php echo _t('admin.extensions.system'); ?></h2> <?php @@ -31,6 +32,7 @@ ?> <p class="alert alert-warn"><?php echo _t('admin.extensions.empty_list'); ?></p> <?php } ?> + </form> </div> <?php $class = isset($this->extension) ? ' class="active"' : ''; ?> diff --git a/app/views/feed/add.phtml b/app/views/feed/add.phtml index fd6d41b1d..caf685d79 100644 --- a/app/views/feed/add.phtml +++ b/app/views/feed/add.phtml @@ -7,6 +7,7 @@ <?php } ?> <form method="post" action="<?php echo _url('feed', 'add'); ?>" autocomplete="off"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('sub.feed.informations'); ?></legend> <?php if ($this->load_ok) { ?> <div class="form-group"> diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml index 72084d8fa..b7e8f68cd 100644 --- a/app/views/helpers/feed/update.phtml +++ b/app/views/helpers/feed/update.phtml @@ -18,6 +18,7 @@ <?php } ?> <form method="post" action="<?php echo _url('subscription', 'feed', 'id', $this->feed->id()); ?>" autocomplete="off"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('sub.feed.informations'); ?></legend> <div class="form-group"> <label class="group-name" for="name"><?php echo _t('sub.feed.title'); ?></label> diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml index 6178cacf2..745baa195 100644 --- a/app/views/helpers/javascript_vars.phtml +++ b/app/views/helpers/javascript_vars.phtml @@ -1,6 +1,5 @@ <?php $mark = FreshRSS_Context::$user_conf->mark_when; -$mail = Minz_Session::param('mail', false); $s = FreshRSS_Context::$user_conf->shortcuts; echo htmlspecialchars(json_encode(array( 'context' => array( @@ -16,8 +15,8 @@ echo htmlspecialchars(json_encode(array( 'sticky_post' => !!FreshRSS_Context::isStickyPostEnabled(), 'html5_notif_timeout' => FreshRSS_Context::$user_conf->html5_notif_timeout, 'auth_type' => FreshRSS_Context::$system_conf->auth_type, - 'current_user_mail' => $mail ? ('"' . $mail . '"') : null, 'current_view' => Minz_Request::actionName(), + 'csrf' => FreshRSS_Auth::csrfToken(), ), 'shortcuts' => array( 'mark_read' => @$s['mark_read'], diff --git a/app/views/helpers/logs_pagination.phtml b/app/views/helpers/logs_pagination.phtml index 58b3c68f4..bf9d91f04 100755 --- a/app/views/helpers/logs_pagination.phtml +++ b/app/views/helpers/logs_pagination.phtml @@ -1,7 +1,7 @@ <?php $c = Minz_Request::controllerName(); $a = Minz_Request::actionName(); - $params = Minz_Request::params(); + $params = Minz_Request::fetchGET(); ?> <?php if ($this->nbPage > 1) { ?> diff --git a/app/views/helpers/pagination.phtml b/app/views/helpers/pagination.phtml index 7eca8c525..20957fc67 100755 --- a/app/views/helpers/pagination.phtml +++ b/app/views/helpers/pagination.phtml @@ -10,12 +10,14 @@ 'get' => FreshRSS_Context::currentGet(), 'nextGet' => FreshRSS_Context::$next_get, 'idMax' => FreshRSS_Context::$id_max, + 'search' => FreshRSS_Context::$search, + 'state' => FreshRSS_Context::$state, ) ); ?> -<form id="mark-read-pagination" method="post" aria-hidden="true"></form> - +<form id="mark-read-pagination" method="post"> +<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <ul class="pagination"> <li class="item pager-next"> <?php if (FreshRSS_Context::$next_id) { ?> @@ -39,3 +41,4 @@ <?php } ?> </li> </ul> +</form> diff --git a/app/views/importExport/index.phtml b/app/views/importExport/index.phtml index a64524bf1..c0bc412c3 100644 --- a/app/views/importExport/index.phtml +++ b/app/views/importExport/index.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('importExport', 'import'); ?>" enctype="multipart/form-data"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('sub.import_export.import'); ?></legend> <div class="form-group"> <label class="group-name" for="file"> @@ -23,6 +24,7 @@ <?php if (count($this->feeds) > 0) { ?> <form method="post" action="<?php echo _url('importExport', 'export'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('sub.import_export.export'); ?></legend> <div class="form-group"> <div class="group-controls"> diff --git a/app/views/index/global.phtml b/app/views/index/global.phtml index 0ffa3bc54..1e53e4f8c 100644 --- a/app/views/index/global.phtml +++ b/app/views/index/global.phtml @@ -14,7 +14,7 @@ $url_base = array( 'c' => 'index', 'a' => 'normal', - 'params' => Minz_Request::params() + 'params' => Minz_Request::fetchGET(), ); foreach ($this->categories as $cat) { diff --git a/app/views/index/logs.phtml b/app/views/index/logs.phtml index 02256bd98..a88f89278 100644 --- a/app/views/index/logs.phtml +++ b/app/views/index/logs.phtml @@ -3,6 +3,7 @@ <h1><?php echo _t('index.log'); ?></h1> <form method="post" action="<?php echo _url('index', 'logs'); ?>"><p> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <input type="hidden" name="clearLogs" /> <button type="submit" class="btn"><?php echo _t('index.log.clear'); ?></button> </p></form> @@ -10,7 +11,7 @@ <?php $items = $this->logsPaginator->items(); ?> <?php if (!empty($items)) { ?> - <div class="logs"> + <div class="loglist"> <?php $this->logsPaginator->render('logs_pagination.phtml', 'page'); ?> <?php foreach ($items as $log) { ?> diff --git a/app/views/stats/idle.phtml b/app/views/stats/idle.phtml index ba88b679f..88c78d465 100644 --- a/app/views/stats/idle.phtml +++ b/app/views/stats/idle.phtml @@ -18,8 +18,8 @@ <div class="stat"> <h2><?php echo _t('gen.date.' . $period); ?></h2> - <form id="form-delete" method="post" aria-hidden="true"></form> - + <form id="form-delete" method="post"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <?php foreach ($feeds as $feed) { ?> <ul class="horizontal-list"> <li class="item"> @@ -34,6 +34,7 @@ </li> </ul> <?php } ?> + </form> </div> <?php } diff --git a/app/views/subscription/index.phtml b/app/views/subscription/index.phtml index 07cebf817..48f760d3e 100644 --- a/app/views/subscription/index.phtml +++ b/app/views/subscription/index.phtml @@ -6,6 +6,7 @@ <h2><?php echo _t('sub.title'); ?></h2> <form id="add_rss" method="post" action="<?php echo _url('feed', 'add'); ?>" autocomplete="off"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <div class="stick"> <input type="url" name="url_rss" class="long" placeholder="<?php echo _t('sub.feed.add'); ?>" /> <div class="dropdown"> @@ -56,13 +57,16 @@ <ul class="box-content box-content-centered"> <form action="<?php echo _url('category', 'create'); ?>" method="post"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <li class="item"><input type="text" id="new-category" name="new-category" placeholder="<?php echo _t('sub.category.new'); ?>" /></li> <li class="item"><button class="btn btn-important" type="submit"><?php echo _t('gen.action.submit'); ?></button></li> </form> </ul> </div> - <form id="controller-category" method="post" aria-hidden="true"></form> + <form id="controller-category" method="post" aria-hidden="true"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> + </form> <?php foreach ($this->categories as $cat) { @@ -71,6 +75,7 @@ <div class="box"> <div class="box-title"> <form action="<?php echo _url('category', 'update', 'id', $cat->id()); ?>" method="post"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <input type="text" name="name" value="<?php echo $cat->name(); ?>" /> <div class="dropdown"> diff --git a/app/views/update/checkInstall.phtml b/app/views/update/checkInstall.phtml index ed3858b56..543ab43de 100644 --- a/app/views/update/checkInstall.phtml +++ b/app/views/update/checkInstall.phtml @@ -9,7 +9,7 @@ <p class="alert <?php echo $status ? 'alert-success' : 'alert-error'; ?>"> <?php if ($key === 'php') { - echo _t('admin.check_install.' . $key . '.' . ($status ? 'ok' : 'nok'), PHP_VERSION, '5.3.0'); + echo _t('admin.check_install.' . $key . '.' . ($status ? 'ok' : 'nok'), PHP_VERSION, '5.3.3'); } else { echo _t('admin.check_install.' . $key . '.' . ($status ? 'ok' : 'nok')); } diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index fe1b6618b..aab3aa4c4 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('user', 'create'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('admin.user.create'); ?></legend> <div class="form-group"> @@ -37,14 +38,6 @@ </div> </div> - <div class="form-group"> - <label class="group-name" for="new_user_email"><?php echo _t('admin.user.email_persona'); ?></label> - <?php $mail = FreshRSS_Context::$user_conf->mail_login; ?> - <div class="group-controls"> - <input type="email" id="new_user_email" name="new_user_email" class="extend" autocomplete="off" placeholder="alice@example.net" /> - </div> - </div> - <div class="form-group form-actions"> <div class="group-controls"> <button type="submit" class="btn btn-important"><?php echo _t('gen.action.create'); ?></button> @@ -54,6 +47,7 @@ </form> <form method="post" action="<?php echo _url('user', 'delete'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('admin.user.users'); ?></legend> <div class="form-group"> diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml index 7ae2c7ede..429375e44 100644 --- a/app/views/user/profile.phtml +++ b/app/views/user/profile.phtml @@ -4,6 +4,7 @@ <a href="<?php echo _url('index', 'index'); ?>"><?php echo _t('gen.action.back_to_rss_feeds'); ?></a> <form method="post" action="<?php echo _url('user', 'profile'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.profile'); ?></legend> <div class="form-group"> @@ -37,19 +38,11 @@ <input type="password" id="apiPasswordPlain" name="apiPasswordPlain" autocomplete="off" pattern=".{7,}" <?php echo cryptAvailable() ? '' : 'disabled="disabled" '; ?>/> <a class="btn toggle-password" data-toggle="apiPasswordPlain"><?php echo _i('key'); ?></a> </div> + <?php echo _i('help'); ?> <kbd><a href="../api/"><?php echo Minz_Url::display('/api/greader.php', 'html', true); ?></a></kbd> </div> </div> <?php } ?> - <div class="form-group"> - <label class="group-name" for="mail_login"><?php echo _t('conf.profile.email_persona'); ?></label> - <?php $mail = FreshRSS_Context::$user_conf->mail_login; ?> - <div class="group-controls"> - <input type="email" id="mail_login" name="mail_login" class="extend" autocomplete="off" value="<?php echo $mail; ?>" <?php echo FreshRSS_Auth::hasAccess('admin') ? '' : 'disabled="disabled"'; ?> placeholder="alice@example.net" /> - <noscript><b><?php echo _t('gen.js.should_be_activated'); ?></b></noscript> - </div> - </div> - <div class="form-group form-actions"> <div class="group-controls"> <button type="submit" class="btn btn-important"><?php echo _t('gen.action.submit'); ?></button> @@ -60,6 +53,7 @@ <?php if (!FreshRSS_Auth::hasAccess('admin')) { ?> <form id="crypto-form" method="post" action="<?php echo _url('user', 'delete'); ?>"> + <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.profile.delete'); ?></legend> <p class="alert alert-warn"><span class="alert-head"><?php echo _t('gen.short.attention'); ?></span> <?php echo _t('conf.profile.delete.warn'); ?></p> |