fix: add CSRF token to all forms

TechnicPack · Nov 29, 2024 · c87f825 · c87f825
1 parent 399422a
commit c87f825
Show file tree

Hide file tree

Showing 18 changed files with 22 additions and 0 deletions.
diff --git a/resources/views/client/create.blade.php b/resources/views/client/create.blade.php
@@ -20,6 +20,7 @@
             <div class="row">
                 <div class="col-md-6">
                     <form method="post" action="{{ url()->current() }}" accept-charset="UTF-8">
+                        @csrf
                         <input type="hidden" name="add-client" value="1">
                         <div class="form-group">
                             <label for="name">Name</label>

diff --git a/resources/views/client/delete.blade.php b/resources/views/client/delete.blade.php
@@ -8,6 +8,7 @@
     <h2>Delete Client ({{ $client->name }})</h2>
     <p>This will immediately remove access to all modpacks this user has access to.</p>
     <form method="post" action="{{ url()->current() }}" accept-charset="UTF-8">
+        @csrf
         <input type="submit" class="btn btn-danger" value="Confirm Deletion">
         <a href="{{ url('/client/list') }}" class="btn btn-primary">Go Back</a>
     </form>

diff --git a/resources/views/dashboard/login.blade.php b/resources/views/dashboard/login.blade.php
@@ -12,6 +12,7 @@
 </head>
 <body class="login">
 <form class="vertical-form" method="post" action="{{ url()->full() }}" accept-charset="UTF-8">
+    @csrf
     <div style="margin:0;padding:0;display:inline;">
         <img alt="Technic-logo" class="logo" height="70" src="{{ asset('/img/wrenchIcon.svg') }}">
         <legend>

diff --git a/resources/views/key/create.blade.php b/resources/views/key/create.blade.php
@@ -20,6 +20,7 @@
             <div class="row">
                 <div class="col-md-6">
                     <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                        @csrf
                         <input type="hidden" name="add-key" value="1">
                         <div class="form-group">
                             <label for="name">Name</label>

diff --git a/resources/views/key/delete.blade.php b/resources/views/key/delete.blade.php
@@ -9,6 +9,7 @@
     <p>This will immediately remove access to Solder using this API Key. Make sure to unlink any packs using this key
         before doing this.</p>
     <form method="post" action="{{ url()->current() }}" accept-charset="UTF-8">
+        @csrf
         <input type="submit" class="btn btn-danger" value="Confirm Deletion">
         <a href="{{ url('/key/list') }}" class="btn btn-primary">Go Back</a>
     </form>

diff --git a/resources/views/mod/create.blade.php b/resources/views/mod/create.blade.php
@@ -19,6 +19,7 @@
                 </div>
             @endif
             <form method="post" action="{{ url('/mod/create') }}" accept-charset="UTF-8">
+                @csrf
                 <div class="row">
                     <div class="col-md-6">
                         <div class="form-group">

diff --git a/resources/views/mod/delete.blade.php b/resources/views/mod/delete.blade.php
@@ -45,6 +45,7 @@
             </div>
             <hr>
             <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                @csrf
                 <input type="submit" class="btn btn-danger" value="Delete Mod">
                 <a href="{{ url('/mod/list') }}" class="btn btn-primary">Go Back</a>
             </form>

diff --git a/resources/views/mod/view.blade.php b/resources/views/mod/view.blade.php
@@ -35,6 +35,7 @@
                         </div>
                     @endif
                     <form method="post" action="{{ url('/mod/modify/'.$mod->id) }}" accept-charset="UTF-8">
+                        @csrf
                         <div class="row">
                             <div class="col-md-6">
                                 <div class="form-group">
@@ -107,6 +108,7 @@ class="form-control"
                         <tbody>
                         <tr id="add-row">
                             <form method="post" id="add" action="{{ url('/mod/add-version') }}" accept-charset="UTF-8">
+                                @csrf
                                 <input type="hidden" name="mod-id" value="{{ $mod->id }}">
                                 <td></td>
                                 <td>
@@ -128,6 +130,7 @@ class="form-control"
                         @foreach ($mod->versions->sortByDesc('id') as $ver)
                             <tr class="version" rel="{{ $ver->id }}">
                                 <form class="rehash-form" data-version-id="{{ $ver->id }}" accept-charset="UTF-8">
+                                    @csrf
                                     <input type="hidden" name="version-id" value="{{ $ver->id }}">
                                     <td><i class="version-icon fa fa-plus" rel="{{ $ver->id }}"></i></td>
                                     <td class="version" rel="{{ $ver->id }}">{{ $ver->version }}</td>

diff --git a/resources/views/modpack/build/create.blade.php b/resources/views/modpack/build/create.blade.php
@@ -19,6 +19,7 @@
                 </div>
             @endif
             <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                @csrf
                 <div class="row">
                     <div class="col-md-6">
                         <h4>Create Build</h4>

diff --git a/resources/views/modpack/build/delete.blade.php b/resources/views/modpack/build/delete.blade.php
@@ -12,6 +12,7 @@
         <div class="panel-body">
             <p>Are you sure you want to delete this build? This action is irreversible!</p>
             <form method="post" action="{{ url()->full() }}" accept-charset="UTF-8">
+                @csrf
                 <input type="hidden" name="confirm-delete" value="1">
                 <input type="submit" class="btn btn-danger" value="Delete Build">
                 <a href="{{ url('/modpack/view/'.$build->modpack->id) }}" class="btn btn-primary">Go Back</a>

diff --git a/resources/views/modpack/build/edit.blade.php b/resources/views/modpack/build/edit.blade.php
@@ -19,6 +19,7 @@
                 </div>
             @endif
             <form action="{{ url()->full() }}" method="post" accept-charset="UTF-8">
+                @csrf
                 <input type="hidden" name="confirm-edit" value="1">
                 <div class="row">
                     <div class="col-md-6">

diff --git a/resources/views/modpack/build/view.blade.php b/resources/views/modpack/build/view.blade.php
@@ -57,6 +57,7 @@
                           accept-charset="UTF-8"
                           class="mod-add"
                     >
+                        @csrf
                         <input type="hidden" name="build" value="{{ $build->id }}">
                         <input type="hidden" name="action" value="add">
                         <tr id="mod-list-add">
@@ -113,6 +114,7 @@ class="mod-add"
                                       style="margin-bottom: 0"
                                       class="mod-version"
                                 >
+                                    @csrf
                                     <input type="hidden" class="build-id" name="build_id" value="{{ $build->id }}">
                                     <input type="hidden"
                                            class="modversion-id"
@@ -139,6 +141,7 @@ class="modversion-id"
                                       style="margin-bottom: 0"
                                       class="mod-delete"
                                 >
+                                    @csrf
                                     <input type="hidden" name="build_id" value="{{ $build->id }}">
                                     <input type="hidden"
                                            class="modversion-id"

diff --git a/resources/views/modpack/create.blade.php b/resources/views/modpack/create.blade.php
@@ -19,6 +19,7 @@
                 </div>
             @endif
             <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                @csrf
                 <div class="row">
                     <div class="col-md-6">
                         <div class="form-group">

diff --git a/resources/views/modpack/delete.blade.php b/resources/views/modpack/delete.blade.php
@@ -15,6 +15,7 @@
                 them from your API. Users with this modpack already on their launcher will be able to continue to use it
                 in "Offline Mode."</p>
             <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                @csrf
                 <input type="submit" class="btn btn-danger" value="Confirm Deletion">
                 <a href="{{ url('/modpack/list') }}" class="btn btn-primary">Go Back</a>
             </form>

diff --git a/resources/views/modpack/edit.blade.php b/resources/views/modpack/edit.blade.php
@@ -19,6 +19,7 @@
                 </div>
             @endif
             <form method="post" action="{{ url()->current() }}" accept-charset="UTF-8">
+                @csrf
                 <div class="row">
                     <div class="col-md-6">
                         <h3>Modpack Management</h3>

diff --git a/resources/views/user/create.blade.php b/resources/views/user/create.blade.php
@@ -19,6 +19,7 @@
                 </div>
             @endif
             <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                @csrf
                 <input type="hidden" name="edit-user" value="1">
                 <div class="row">
                     <div class="col-md-6">

diff --git a/resources/views/user/delete.blade.php b/resources/views/user/delete.blade.php
@@ -20,6 +20,7 @@
                     this, you will no longer be able to access Solder.</p>
             @endif
             <form method="post" action="{{ url()->current() }}" accept-charset="UTF-8">
+                @csrf
                 <input type="submit" class="btn btn-danger" value="Confirm Deletion">
                 <a href="{{ url('/user/list') }}" class="btn btn-primary">Go Back</a>
             </form>

diff --git a/resources/views/user/edit.blade.php b/resources/views/user/edit.blade.php
@@ -34,6 +34,7 @@
                 </div>
             @endif
             <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                @csrf
                 <input type="hidden" name="edit-user" value="1">
                 <div class="row">
                     <div class="col-md-6">
-Original file line number
+Diff line change
@@ Expand Up / @@ -45,6 +45,7 @@ @@
                 </div>
                 <hr>
                 <form action="{{ url()->current() }}" method="post" accept-charset="UTF-8">
+                    @csrf
                     <input type="submit" class="btn btn-danger" value="Delete Mod">
                     <a href="{{ url('/mod/list') }}" class="btn btn-primary">Go Back</a>
                 </form>
@@ Expand Down @@