security: cross-site request forgery
HDVinnie committed Nov 21, 2021
1 parent a5e3b6e commit b43c2577eb1bb3dcb336a4a823d04f25948a816b
Showing with 66 additions and 51 deletions.
  1. +57 鈭40 resources/views/torrent/torrent.blade.php
  2. +3 鈭5 resources/views/user/wishlist.blade.php
  3. +6 鈭6 routes/web.php
@@ -60,15 +60,15 @@ class="l-breadcrumb-item-link">
</a>

@if ($torrent->free == "0" && config('other.freeleech') == false && !$personal_freeleech && $user->group->is_freeleech == 0 && !$freeleech_token)
<a href="{{ route('freeleech_token', ['id' => $torrent->id]) }}"
class="btn btn-default btn-sm torrent-freeleech-token"
data-toggle=tooltip
data-html="true"
title='{!! trans('torrent.fl-tokens-left', ['tokens' => $user->fl_tokens]) !!}!'
role="button"
>
@lang('torrent.use-fl-token')
</a>
<form action="{{ route('freeleech_token', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-primary btn-sm torrent-freeleech-token"
data-toggle=tooltip
data-html="true"
title='{!! trans('torrent.fl-tokens-left', ['tokens' => $user->fl_tokens]) !!}!'>
@lang('torrent.use-fl-token')
</button>
</form>
@endif
@endif
@else
@@ -103,9 +103,12 @@ class="btn btn-default btn-sm torrent-freeleech-token"

@if ($current = $user->history->where('info_hash', $torrent->info_hash)->first())
@if ($current->seeder == 0 && $current->active == 1 && $torrent->seeders <= 2)
<a href="{{ route('reseed', ['id' => $torrent->id]) }}" role="button" class="btn btn-sm btn-warning">
<i class='{{ config("other.font-awesome") }} fa-envelope'></i> @lang('torrent.request-reseed')
</a>
<form action="{{ route('reseed', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-sm btn-primary">
<i class='{{ config("other.font-awesome") }} fa-envelope'></i> @lang('torrent.request-reseed')
</button>
</form>
@endif
@endif

@@ -643,45 +646,59 @@ class="badge-extra text-info"
@if (auth()->user()->group->is_modo || auth()->user()->group->is_internal)
<div class="torrent-internal-controls">
@if ($torrent->free == 0)
<a href="{{ route('torrent_fl', ['id' => $torrent->id]) }}"
class="btn btn-success btn-xs" role="button">
<i class="{{ config('other.font-awesome') }} fa-star"></i> @lang('torrent.grant') @lang('torrent.freeleech')
</a>
<form action="{{ route('torrent_fl', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-xs btn-success">
<i class="{{ config('other.font-awesome') }} fa-star"></i> @lang('torrent.grant') @lang('torrent.freeleech')
</button>
</form>
@else
<a href="{{ route('torrent_fl', ['id' => $torrent->id]) }}"
class="btn btn-danger btn-xs" role="button">
<i class="{{ config('other.font-awesome') }} fa-star"></i> @lang('torrent.revoke') @lang('torrent.freeleech')
</a>
<form action="{{ route('torrent_fl', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-xs btn-danger">
<i class="{{ config('other.font-awesome') }} fa-star"></i> @lang('torrent.revoke') @lang('torrent.freeleech')
</button>
</form>
@endif

@if ($torrent->doubleup == 0)
<a href="{{ route('torrent_doubleup', ['id' => $torrent->id]) }}"
class="btn btn-success btn-xs" role="button">
<i class="{{ config('other.font-awesome') }} fa-chevron-double-up"></i> @lang('torrent.grant') @lang('torrent.double-upload')
</a>
<form action="{{ route('torrent_doubleup', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-xs btn-success">
<i class="{{ config('other.font-awesome') }} fa-chevron-double-up"></i> @lang('torrent.grant') @lang('torrent.double-upload')
</button>
</form>
@else
<a href="{{ route('torrent_doubleup', ['id' => $torrent->id]) }}"
class="btn btn-danger btn-xs" role="button">
<i class="{{ config('other.font-awesome') }} fa-chevron-double-up"></i> @lang('torrent.revoke') @lang('torrent.double-upload')
</a>
<form action="{{ route('torrent_doubleup', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-xs btn-danger">
<i class="{{ config('other.font-awesome') }} fa-chevron-double-up"></i> @lang('torrent.revoke') @lang('torrent.double-upload')
</button>
</form>
@endif

@if ($torrent->sticky == 0)
<a href="{{ route('torrent_sticky', ['id' => $torrent->id]) }}"
class="btn btn-success btn-xs" role="button">
<i class="{{ config('other.font-awesome') }} fa-thumbtack"></i> @lang('torrent.sticky')
</a>
<form action="{{ route('torrent_sticky', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-xs btn-success">
<i class="{{ config('other.font-awesome') }} fa-thumbtack"></i> @lang('torrent.sticky')
</button>
</form>
@else
<a href="{{ route('torrent_sticky', ['id' => $torrent->id]) }}"
class="btn btn-danger btn-xs" role="button">
<i class="{{ config('other.font-awesome') }} fa-thumbtack"></i> @lang('torrent.unsticky')
</a>
<form action="{{ route('torrent_sticky', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-xs btn-danger">
<i class="{{ config('other.font-awesome') }} fa-thumbtack"></i> @lang('torrent.unsticky')
</button>
</form>
@endif

<a href="{{ route('bumpTorrent', ['id' => $torrent->id]) }}"
class="btn btn-primary btn-xs" role="button">
<i class="{{ config('other.font-awesome') }} fa-arrow-to-top"></i> @lang('torrent.bump')
</a>
<form action="{{ route('bumpTorrent', ['id' => $torrent->id]) }}" method="POST" style="display: inline;">
@csrf
<button type="submit" class="btn btn-xs btn-primary">
<i class="{{ config('other.font-awesome') }} fa-arrow-to-top"></i> @lang('torrent.bump')
</button>
</form>

@if ($torrent->featured == 0)
<form role="form" method="POST" action="{{ route('torrent_feature', ['id' => $torrent->id]) }}" style="display: inline-block;">
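Review bot: The new freeleech-token button in the first hunk still writes its tooltip unescaped, `title='{!! trans('torrent.fl-tokens-left', ['tokens' => $user->fl_tokens]) !!}!'`, inside a single-quoted attribute and with `data-html="true"`, so any quote or markup in the translation string reaches the page verbatim. The pattern is carried over from the old link, and unless the translation is meant to contain HTML I would escape it and drop the HTML tooltip: `title="{{ trans('torrent.fl-tokens-left', ['tokens' => $user->fl_tokens]) }}!"`. The grant and revoke forms for freeleech, double upload and sticky each post to one shared route, so the controller presumably toggles the flag and a stale page can do the opposite of what its button says; a hidden field carrying the intended state would make the request explicit. The last hunk ends inside the `featured` block, which continues outside this view.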
@@ -88,11 +88,9 @@ class="l-breadcrumb-item-link">
<form action="{{ route('wishes.destroy', ['id' => $wish->id]) }}" method="POST" style="display: inline;">
@csrf
@method('DELETE')
<a href="{{ route('mark-all-read') }}">
<button type="submit" class="btn btn-xs btn-danger">
<i class="{{ config('other.font-awesome') }} fa-trash"></i>
</button>
</a>
<button type="submit" class="btn btn-xs btn-danger">
<i class="{{ config('other.font-awesome') }} fa-trash"></i>
</button>
</form>
</td>
</tr>
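Review bot: The `mark-all-read` route, which the wrapper removed from around this submit button linked to with a plain `<a href>`, looks like another state-changing endpoint served over GET. If it is, it has the same exposure this commit closes for the torrent actions and should become a POST form with `@csrf` too; its route definition is not visible here, so this needs checking against routes/web.php. The icon-only delete button that remains has no accessible name, and an `aria-label` on the `<button>` would fix that.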
@@ -268,15 +268,15 @@
Route::post('/delete', [App\Http\Controllers\TorrentController::class, 'deleteTorrent'])->name('delete');
Route::get('/{id}/edit', [App\Http\Controllers\TorrentController::class, 'editForm'])->name('edit_form');
Route::post('/{id}/edit', [App\Http\Controllers\TorrentController::class, 'edit'])->name('edit');
Route::get('/{id}/torrent_fl', [App\Http\Controllers\TorrentController::class, 'grantFL'])->name('torrent_fl');
Route::get('/{id}/torrent_doubleup', [App\Http\Controllers\TorrentController::class, 'grantDoubleUp'])->name('torrent_doubleup');
Route::get('/{id}/bumpTorrent', [App\Http\Controllers\TorrentController::class, 'bumpTorrent'])->name('bumpTorrent');
Route::get('/{id}/torrent_sticky', [App\Http\Controllers\TorrentController::class, 'sticky'])->name('torrent_sticky');
Route::post('/{id}/torrent_fl', [App\Http\Controllers\TorrentController::class, 'grantFL'])->name('torrent_fl');
Route::post('/{id}/torrent_doubleup', [App\Http\Controllers\TorrentController::class, 'grantDoubleUp'])->name('torrent_doubleup');
Route::post('/{id}/bumpTorrent', [App\Http\Controllers\TorrentController::class, 'bumpTorrent'])->name('bumpTorrent');
Route::post('/{id}/torrent_sticky', [App\Http\Controllers\TorrentController::class, 'sticky'])->name('torrent_sticky');
Route::post('/{id}/torrent_feature', [App\Http\Controllers\TorrentController::class, 'grantFeatured'])->name('torrent_feature');
Route::post('/{id}/torrent_revokefeature', [App\Http\Controllers\TorrentController::class, 'revokeFeatured'])->name('torrent_revokefeature');
Route::get('/{id}/reseed', [App\Http\Controllers\TorrentController::class, 'reseedTorrent'])->name('reseed');
Route::post('/{id}/reseed', [App\Http\Controllers\TorrentController::class, 'reseedTorrent'])->name('reseed');
Route::post('/{id}/tip_uploader', [App\Http\Controllers\BonusController::class, 'tipUploader'])->name('tip_uploader');
Route::get('/{id}/freeleech_token', [App\Http\Controllers\TorrentController::class, 'freeleechToken'])->name('freeleech_token');
Route::post('/{id}/freeleech_token', [App\Http\Controllers\TorrentController::class, 'freeleechToken'])->name('freeleech_token');
Route::get('/similar/{category_id}.{tmdb}', [App\Http\Controllers\TorrentController::class, 'similar'])->name('torrents.similar');
});
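Review bot: Nothing on the converted lines restricts who may call `grantFL`, `grantDoubleUp`, `bumpTorrent` or `sticky`; the only visible gate is the `is_modo || is_internal` check in torrent.blade.php, which hides the buttons but does not stop a direct POST from any logged-in user. The enclosing route group opens outside this hunk and the controller is not shown, so a check may already exist there. If it does not, each action should begin with something like `abort_unless($request->user()->group->is_modo || $request->user()->group->is_internal, 403);`, or the four routes should sit behind a staff-only middleware. Adding `->whereNumber('id')` to these routes would also keep non-numeric ids from reaching the controller.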
