zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-04-28 19:22:32 +02:00
Code Issues Projects Releases Packages Wiki Activity

site profile: no csrf/flash unless signed in

Browse source
This commit is contained in:
Kyle Drake 2025-04-26 17:34:34 -05:00
parent 380bd5f484
commit 369f1655a9
2 changed files with 69 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
views/_tags.erb
View file

@ -19,7 +19,8 @@
<% end %> <% end %>
<% end %> <% end %>
<div class="modal hide" id="addTag" tabindex="-1" role="dialog" aria-labelledby="addTagLabel" aria-hidden="true"> <% if current_site && current_site == site %>
<div class="modal hide" id="addTag" tabindex="-1" role="dialog" aria-labelledby="addTagLabel" aria-hidden="true">
<form method="POST" action="/tags/add"> <form method="POST" action="/tags/add">
<input type="hidden" value="<%= csrf_token %>" name="csrf_token"> <input type="hidden" value="<%= csrf_token %>" name="csrf_token">
<div class="modal-header"> <div class="modal-header">
@ -37,9 +38,9 @@
<button type="submit" class="btn-Action">Add Tag</button> <button type="submit" class="btn-Action">Add Tag</button>
</div> </div>
</form> </form>
</div> </div>
<div class="modal hide" id="removeTag" tabindex="-1" role="dialog" aria-labelledby="removeTagLabel" aria-hidden="true"> <div class="modal hide" id="removeTag" tabindex="-1" role="dialog" aria-labelledby="removeTagLabel" aria-hidden="true">
<form method="POST" action="/tags/remove"> <form method="POST" action="/tags/remove">
<input type="hidden" value="<%= csrf_token %>" name="csrf_token"> <input type="hidden" value="<%= csrf_token %>" name="csrf_token">
<div class="modal-header"> <div class="modal-header">
@ -60,4 +61,5 @@
<button type="submit" class="btn-Action">Remove Tag(s)</button> <button type="submit" class="btn-Action">Remove Tag(s)</button>
</div> </div>
</form> </form>
</div> </div>
<% end %>

8
views/site.erb
View file

@ -1,5 +1,5 @@
<div class="header-Outro with-site-image"> <div class="header-Outro with-site-image">
<% if flash.keys.length > 0 %> <% if current_site && flash.keys.length > 0 %>
<div class="row content"> <div class="row content">
<div class="alert txt-Center"> <div class="alert txt-Center">
<% flash.keys.each do |key| %> <% flash.keys.each do |key| %>
@ -90,7 +90,8 @@
</div></div> </div></div>
</div> </div>
<div class="modal hide" id="block" tabindex="-1" role="dialog" aria-labelledby="blockLabel" aria-hidden="true"> <% if current_site %>
<div class="modal hide" id="block" tabindex="-1" role="dialog" aria-labelledby="blockLabel" aria-hidden="true">
<form method="POST" action="/site/<%= site.username %>/block"> <form method="POST" action="/site/<%= site.username %>/block">
<input type="hidden" value="<%= csrf_token %>" name="csrf_token"> <input type="hidden" value="<%= csrf_token %>" name="csrf_token">
<div class="modal-header"> <div class="modal-header">
@ -114,4 +115,5 @@
<button type="submit" class="btn-Action">Block Site</button> <button type="submit" class="btn-Action">Block Site</button>
</div> </div>
</form> </form>
</div> </div>
<% end %>