From d3e50b8ffd959dd555fb8e4557950ba5e7cdbdcc Mon Sep 17 00:00:00 2001 From: akuma06 Date: Sun, 15 Oct 2017 01:34:45 +0200 Subject: [PATCH] Fix User delete button (#1662) * Fix User delete button Fix #1652 This bug comes from the fact that @kiloutre edited how the form behave and instead of a GET request, do a POST one. However every POST request not in /api or /mod need a CSRF Token to work. * Update userlist.jet.html * Update index.jet.html --- templates/admin/index.jet.html | 2 ++ templates/admin/userlist.jet.html | 2 ++ templates/site/user/edit.jet.html | 1 + 3 files changed, 5 insertions(+) diff --git a/templates/admin/index.jet.html b/templates/admin/index.jet.html index 7a70f0b7..a6cb3505 100644 --- a/templates/admin/index.jet.html +++ b/templates/admin/index.jet.html @@ -1,4 +1,5 @@ {{ extends "layouts/index_admin" }} +{{ import "layouts/partials/helpers/csrf" }} {{ block title()}}{{ T("moderation_overview") }}{{end}} {{ block content_body()}}
@@ -89,6 +90,7 @@ {{if .ID > 0}}
+ {{ yield csrf_field()}}
{{end}} diff --git a/templates/admin/userlist.jet.html b/templates/admin/userlist.jet.html index e2a5969e..3ec9261d 100644 --- a/templates/admin/userlist.jet.html +++ b/templates/admin/userlist.jet.html @@ -1,4 +1,5 @@ {{ extends "layouts/index_admin" }} +{{ import "layouts/partials/helpers/csrf" }} {{block title()}}{{ T("users_list") }}{{end}} {{ block content_body()}}
@@ -19,6 +20,7 @@ {{if .ID > 0}}
+ {{ yield csrf_field()}}
{{end}} diff --git a/templates/site/user/edit.jet.html b/templates/site/user/edit.jet.html index 715253ed..00980fb3 100644 --- a/templates/site/user/edit.jet.html +++ b/templates/site/user/edit.jet.html @@ -262,6 +262,7 @@ {{ if User.CurrentOrAdmin(UserProfile.ID) }}
+ {{ yield csrf_field()}}
{{end}}