tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-23 02:38:35 +00:00
Code Releases Activity

add csrf check

Browse Source
This commit is contained in:
slene
2014-03-23 01:44:02 +08:00
parent 01e781dedb
commit 076fc98d98
18 changed files with 208 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
templates/admin/users/edit.tmpl
View File

@@ -12,6 +12,7 @@
<br/>
<form action="/admin/users/{{.User.Id}}" method="post" class="form-horizontal">
{{if .IsSuccess}}<p class="alert alert-success">Account profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
{{.CsrfTokenHtml}}
<input type="hidden" value="{{.User.Id}}" name="userId"/>
<div class="form-group">
<label class="col-md-3 control-label">Username: </label>

1
templates/admin/users/new.tmpl
View File

@@ -11,6 +11,7 @@
<div class="panel-body">
<br/>
<form action="/admin/users/new" method="post" class="form-horizontal">
{{.CsrfTokenHtml}}
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
<label class="col-md-3 control-label">Username: </label>

1
templates/base/head.tmpl
View File

@@ -8,6 +8,7 @@
<meta name="author" content="Gogs - Go Git Service" />
<meta name="description" content="Gogs(Go Git Service) is a GitHub-like clone in the Go Programming Language" />
<meta name="keywords" content="go, git">
<meta name="_csrf" content="{{.CsrfToken}}" />
<!-- Stylesheets -->
<link href="/css/bootstrap.min.css" rel="stylesheet" />

1
templates/repo/create.tmpl
View File

@@ -2,6 +2,7 @@
{{template "base/navbar" .}}
<div class="container" id="gogs-body">
<form action="/repo/create" method="post" class="form-horizontal gogs-card" id="gogs-repo-create">
{{.CsrfTokenHtml}}
<h3>Create New Repository</h3>
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
<div class="form-group">

1
templates/repo/setting.tmpl
View File

@@ -40,6 +40,7 @@
<div class="modal fade" id="delete-repository-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<form action="/{{.Owner.Name}}/{{.Repository.Name}}/settings" method="post" class="modal-content">
{{.CsrfTokenHtml}}
<input type="hidden" name="action" value="delete">
<div class="modal-header">

3
templates/user/active.tmpl
View File

@@ -1,7 +1,8 @@
{{template "base/head" .}}
{{template "base/navbar" .}}
<div id="gogs-body" class="container">
<form action="/user/activate" method="get" class="form-horizontal gogs-card" id="gogs-login-card">
<form action="/user/activate" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
{{.CsrfTokenHtml}}
<h3>Activate Your Account</h3>
{{if .IsActivatePage}}
{{if .ServiceNotEnabled}}

1
templates/user/delete.tmpl
View File

@@ -22,6 +22,7 @@
<div class="modal fade" id="delete-account-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<form action="/user/delete" method="post" class="modal-content" id="gogs-user-delete">
{{.CsrfTokenHtml}}
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title" id="myModalLabel">Delete Account</h4>

4
templates/user/password.tmpl
View File

@@ -5,7 +5,9 @@
<div id="gogs-user-setting-container" class="col-md-9">
<div id="gogs-setting-pwd">
<h4>Password</h4>
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">{{if .IsSuccess}}
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">
{{.CsrfTokenHtml}}
{{if .IsSuccess}}
<p class="alert alert-success">Password is changed successfully. You can now sign in via new password.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
<div class="form-group">
<label class="col-md-3 control-label">Old Password<strong class="text-danger">*</strong></label>

1
templates/user/publickey.tmpl
View File

@@ -22,6 +22,7 @@
<div class="modal fade" id="ssh-add-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<form class="modal-content form-horizontal" id="gogs-ssh-form" method="post" action="/user/setting/ssh/">
{{.CsrfTokenHtml}}
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title" id="myModalLabel">Add SSH Key</h4>

1
templates/user/setting.tmpl
View File

@@ -6,6 +6,7 @@
<div id="gogs-setting-pwd">
<h4>Account Profile</h4>
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting">
{{.CsrfTokenHtml}}
{{if .IsSuccess}}<p class="alert alert-success">Your profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
<p>Your Email will be public and used for Account related notifications and any web based operations made via the web.</p>
<div class="form-group">

1
templates/user/signin.tmpl
View File

@@ -2,6 +2,7 @@
{{template "base/navbar" .}}
<div class="container" id="gogs-body" data-page="user-signin">
<form action="/user/login" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
{{.CsrfTokenHtml}}
<h3>Log in</h3>
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">

1
templates/user/signup.tmpl
View File

@@ -2,6 +2,7 @@
{{template "base/navbar" .}}
<div class="container" id="gogs-body" data-page="user-signup">
<form action="/user/sign_up" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
{{.CsrfTokenHtml}}
{{if .DisenableRegisteration}}
Sorry, registeration has been disenabled, you can only get account from administrator.
{{else}}