security: cross-site request forgery
- huntr bounty
HDVinnie committed Sep 24, 2021
1 parent 220db85 commit cc1e68337d83bee673872f8f2a781c9d3d1b2843
@@ -81,13 +81,20 @@ class="pull-left" style="padding-right: 10px;">
href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
<span class="text-muted"><small><em>{{$comment->created_at->diffForHumans() }}</em></small></span>
@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
<a title="@lang('common.delete-your-comment')"
href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
class="pull-right btn btn-danger btn-xs {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
<a title="@lang('common.edit-your-comment')" data-toggle="modal"
data-target="#modal-comment-edit-{{ $comment->id }}"><i
class="pull-right btn btn-warning btn-xs {{ config('other.font-awesome') }} fa-pencil"
aria-hidden="true"></i></a>
<div class="pull-right" style="display: inline-block;">
<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
<button class="btn btn-circle btn-info">
<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
</button>
</a>
<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-circle btn-danger">
<i class="{{ config('other.font-awesome') }} fa-trash"></i>
</button>
</form>
</div>
@endif
<div class="pt-5">
@joypixels($comment->getContentHtml())
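Review bot: The new delete and edit controls drop the `title="@lang('common.delete-your-comment')"` and `title="@lang('common.edit-your-comment')"` attributes the removed anchors carried, leaving icon-only buttons with no accessible name; restore them on both `<button>` elements, e.g. `<button type="submit" class="btn btn-circle btn-danger" title="@lang('common.delete-your-comment')">`. The edit control also nests a `<button>` inside an `<a>` with no `href`, which is invalid HTML and not keyboard-reachable; moving `data-toggle`/`data-target` onto the button and dropping the wrapping `<a>` is enough. The `@if` guard above the form only hides the control in the view, so the CSRF token alone does not prevent an authenticated user from submitting a DELETE for someone else's comment — the owner-or-moderator check must also be enforced in `deleteComment`, which this commit does not touch and which should be confirmed. The same pattern appears in the hunks at `@@ -137`, `@@ -250`, `@@ -408` and `@@ -1047`.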
@@ -137,13 +137,20 @@ class="pull-left" style="padding-right: 10px;">
href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
<span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
<a title="@lang('common.delete-comment')"
href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
class="pull-right {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
<a title="@lang('common.edit-comment')" data-toggle="modal"
data-target="#modal-comment-edit-{{ $comment->id }}"><i
class="pull-right {{ config('other.font-awesome') }} fa-pencil"
aria-hidden="true"></i></a>
<div class="pull-right" style="display: inline-block;">
<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
<button class="btn btn-circle btn-info">
<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
</button>
</a>
<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-circle btn-danger">
<i class="{{ config('other.font-awesome') }} fa-trash"></i>
</button>
</form>
</div>
@endif
<div class="pt-5">
@joypixels($comment->getContentHtml())
@@ -250,13 +250,20 @@ class="pull-left" style="padding-right: 10px;">
href="{{ route('users.show', ['username' => $comment->user->username]) }}" style="color:{{ $comment->user->group->color }};"><span><i class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
<span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
<a title="@lang('common.delete-comment')"
href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
class="pull-right {{ config('other.font-awesome') }} fa fa-times" aria-hidden="true"></i></a>
<a title="@lang('common.edit-comment')" data-toggle="modal"
data-target="#modal-comment-edit-{{ $comment->id }}"><i
class="pull-right {{ config('other.font-awesome') }} fa-pencil"
aria-hidden="true"></i></a>
<div class="pull-right" style="display: inline-block;">
<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
<button class="btn btn-circle btn-info">
<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
</button>
</a>
<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-circle btn-danger">
<i class="{{ config('other.font-awesome') }} fa-trash"></i>
</button>
</form>
</div>
@endif
<div class="pt-5">
@joypixels($comment->getContentHtml())
@@ -408,15 +408,20 @@ class="img-avatar-48"></a>
@endif
<span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
<a title="@lang('common.delete-your-comment')"
href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
class="pull-right {{ config('other.font-awesome') }} fa-lg fa-times"
aria-hidden="true"></i></a>
<a title="@lang('common.edit-your-comment')"
data-toggle="modal"
data-target="#modal-comment-edit-{{ $comment->id }}"><i
class="pull-right {{ config('other.font-awesome') }} fa-lg fa-pencil"
aria-hidden="true"></i></a>
<div class="pull-right" style="display: inline-block;">
<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
<button class="btn btn-circle btn-info">
<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
</button>
</a>
<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-circle btn-danger">
<i class="{{ config('other.font-awesome') }} fa-trash"></i>
</button>
</form>
</div>
@endif
<div class="pt-5">
@joypixels($comment->getContentHtml())
@@ -1047,14 +1047,20 @@ class="pull-left" style="padding-right: 10px;">
class="{{ $comment->user->group->icon }}"></i> {{ $comment->user->username }}</span></a></strong> @endif
<span class="text-muted"><small><em>{{ $comment->created_at->toDayDateTimeString() }} ({{ $comment->created_at->diffForHumans() }})</em></small></span>
@if ($comment->user_id == auth()->id() || auth()->user()->group->is_modo)
<a title="@lang('common.delete-comment')"
href="{{route('comment_delete',['comment_id'=>$comment->id])}}"><i
class="pull-right {{ config('other.font-awesome') }} fa fa-times"
aria-hidden="true"></i></a>
<a title="@lang('common.edit-comment')" data-toggle="modal"
data-target="#modal-comment-edit-{{ $comment->id }}"><i
class="pull-right {{ config('other.font-awesome') }} fa-pencil"
aria-hidden="true"></i></a>
<div class="pull-right" style="display: inline-block;">
<a data-toggle="modal" data-target="#modal-comment-edit-{{ $comment->id }}">
<button class="btn btn-circle btn-info">
<i class="{{ config('other.font-awesome') }} fa-pencil"></i>
</button>
</a>
<form action="{{ route('comment_delete', ['comment_id' => $comment->id]) }}" method="POST" style="display: inline-block;">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-circle btn-danger">
<i class="{{ config('other.font-awesome') }} fa-trash"></i>
</button>
</form>
</div>
@endif
<div class="pt-5">
@joypixels($comment->getContentHtml())
@@ -188,7 +188,7 @@
Route::post('/collection/{id}', [App\Http\Controllers\CommentController::class, 'collection'])->name('comment_collection');
Route::post('/ticket/{id}', [App\Http\Controllers\CommentController::class, 'ticket'])->name('comment_ticket');
Route::post('/edit/{comment_id}', [App\Http\Controllers\CommentController::class, 'editComment'])->name('comment_edit');
Route::get('/delete/{comment_id}', [App\Http\Controllers\CommentController::class, 'deleteComment'])->name('comment_delete');
Route::delete('/delete/{comment_id}', [App\Http\Controllers\CommentController::class, 'deleteComment'])->name('comment_delete');
});

// Extra-Stats System
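Review bot: Switching the verb to DELETE only closes the CSRF hole if this route lives in a group that applies the `web` middleware (which carries `VerifyCsrfToken`) together with an `auth` middleware; the group's opening line is outside the hunk, so that should be confirmed rather than assumed. The route name `comment_delete` is unchanged, so any caller not updated in this commit that still navigates to the URL with GET will now get a 405 instead of deleting; a search for `comment_delete` across views and front-end assets is worth doing before merge. Constraining the parameter, e.g. `->whereNumber('comment_id')`, would additionally reject malformed ids before they reach the controller, if the project's Laravel version provides it.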
