Skip to content
Permalink
Browse files
security: cross-site request forgery
  • Loading branch information
HDVinnie committed Sep 23, 2021
1 parent 2cd5c7a commit 2ea49b1d455ec3ca2cf1cbbe984d09b7e8c06423
Showing with 7 additions and 4 deletions.
  1. +6 鈭3 resources/views/user/buttons/profile.blade.php
  2. +1 鈭1 routes/web.php
@@ -6,9 +6,12 @@
<i class='{{ config('other.font-awesome') }} fa-eye-slash'></i> @lang('user.become-hidden')
</a>
@else
<a href="{{ route('user_visible', ['username' => $user->username]) }}" class="btn btn-sm btn-success">
<i class='{{ config('other.font-awesome') }} fa-eye'></i> @lang('user.become-visible')
</a>
<form role="form" method="POST" action="{{ route('user_visible', ['username' => $user->username]) }}" style="display: inline-block;">
@csrf
<button type="submit" class="btn btn-sm btn-success">
<i class='{{ config('other.font-awesome') }} fa-eye'></i> @lang('user.become-visible')
</button>
</form>
@endif
@if((auth()->user()->private_profile == 0 || auth()->user()->private_profile == 0))
<a href="{{ route('user_private', ['username' => $user->username]) }}" class="btn btn-sm btn-danger">
@@ -342,7 +342,7 @@
Route::post('/{username}/settings/privacy/other', [App\Http\Controllers\UserController::class, 'changeOther'])->name('privacy_other');
Route::post('/{username}/settings/change_twostep', [App\Http\Controllers\UserController::class, 'changeTwoStep'])->name('change_twostep');
Route::get('/{username}/settings/hidden', [App\Http\Controllers\UserController::class, 'makeHidden'])->name('user_hidden');
Route::get('/{username}/settings/visible', [App\Http\Controllers\UserController::class, 'makeVisible'])->name('user_visible');
Route::post('/{username}/settings/visible', [App\Http\Controllers\UserController::class, 'makeVisible'])->name('user_visible');
Route::get('/{username}/settings/private', [App\Http\Controllers\UserController::class, 'makePrivate'])->name('user_private');
Route::get('/{username}/settings/public', [App\Http\Controllers\UserController::class, 'makePublic'])->name('user_public');
Route::post('/accept-rules', [App\Http\Controllers\UserController::class, 'acceptRules'])->name('accept.rules');

0 comments on commit 2ea49b1

Please sign in to comment.