friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
4
7
Fork 3
Code Issues Releases 15 Wiki Activity
Browse Source

Merge branch 'pull'

pull/130/merge
friendica 10 years ago
parent
dc84da520d acc4bbeb6e
commit
427362c324
23 changed files with 163 additions and 59 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      boot.php
  2. 9
      include/conversation.php
  3. 2
      include/event.php
  4. 5
      include/items.php
  5. 2
      include/oembed.php
  6. 46
      include/security.php
  7. 9
      include/template_processor.php
  8. 2
      mod/dfrn_request.php
  9. 2
      mod/message.php
  10. 14
      mod/network.php
  11. 2
      mod/parse_url.php
  12. 18
      mod/profile_photo.php
  13. 26
      mod/profiles.php
  14. 61
      mod/settings.php
  15. 1
      view/cropbody.tpl
  16. 5
      view/profile_edit.tpl
  17. 2
      view/profile_listing_header.tpl
  18. 1
      view/profile_photo.tpl
  19. 2
      view/settings.tpl
  20. 1
      view/settings_addons.tpl
  21. 1
      view/settings_connectors.tpl
  22. 5
      view/settings_oauth.tpl
  23. 2
      view/settings_oauth_edit.tpl

4
boot.php
Unescape View File

@ -1209,7 +1209,7 @@ function current_theme(){
$a = get_app();
$system_theme = ((isset($a->config['system']['theme'])) ? $a->config['system']['theme'] : '');
$theme_name = ((is_array($_SESSION) && x($_SESSION,'theme')) ? $_SESSION['theme'] : $system_theme);
$theme_name = ((isset($_SESSION) && x($_SESSION,'theme')) ? $_SESSION['theme'] : $system_theme);
if($theme_name && file_exists('view/theme/' . $theme_name . '/style.css'))
return($theme_name);
@ -1335,7 +1335,7 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){
array(
'label' => t('Profile'),
'url' => $url.'/?tab=profile',
'sel' => (($tab=='profile')?'active':''),
'sel' => ((isset($tab) && $tab=='profile')?'active':''),
),
array(
'label' => t('Photos'),

9
include/conversation.php
Unescape View File

@ -375,7 +375,8 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
$comments[$item['parent']] = 1;
else
$comments[$item['parent']] += 1;
}
} elseif(! x($comments,$item['parent']))
$comments[$item['parent']] = 0; // avoid notices later on
}
// map all the like/dislike activities for each parent item
@ -915,7 +916,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
$o .= replace_macros($tpl,array(
'$return_path' => $a->cmd,
'$action' => $a->get_baseurl().'/item',
'$share' => (($x['button']) ? $x['button'] : t('Share')),
'$share' => (x($x,'button') ? $x['button'] : t('Share')),
'$upload' => t('Upload photo'),
'$shortupload' => t('upload photo'),
'$attach' => t('Attach file'),
@ -980,8 +981,8 @@ function conv_sort($arr,$order) {
usort($parents,'sort_thr_commented');
if(count($parents))
foreach($parents as $x)
$x['children'] = array();
foreach($parents as $i=>$_x)
$parents[$i]['children'] = array();
foreach($arr as $x) {
if($x['id'] != $x['parent']) {

2
include/event.php
Unescape View File

@ -163,7 +163,7 @@ function bbtoevent($s) {
if(preg_match("/\[event\-adjust\](.*?)\[\/event\-adjust\]/is",$s,$match))
$ev['adjust'] = $match[1];
$match = '';
$ev['nofinish'] = (($ev['start'] && (!x($ev, 'finish') || !$ev['finish'])) ? 1 : 0);
$ev['nofinish'] = (((x($ev, 'start') && $ev['start']) && (!x($ev, 'finish') || !$ev['finish'])) ? 1 : 0);
return $ev;
}

5
include/items.php
Unescape View File

@ -682,7 +682,7 @@ function item_store($arr,$force_parent = false) {
unset($arr['dsprsig']);
}
if($arr['gravity'])
if(x($arr, 'gravity'))
$arr['gravity'] = intval($arr['gravity']);
elseif($arr['parent-uri'] === $arr['uri'])
$arr['gravity'] = 0;
@ -742,6 +742,7 @@ function item_store($arr,$force_parent = false) {
if($arr['parent-uri'] === $arr['uri']) {
$parent_id = 0;
$parent_deleted = 0;
$allow_cid = $arr['allow_cid'];
$allow_gid = $arr['allow_gid'];
$deny_cid = $arr['deny_cid'];
@ -800,6 +801,8 @@ function item_store($arr,$force_parent = false) {
logger('item_store: item parent was not found - ignoring item');
return 0;
}
$parent_deleted = 0;
}
}

2
include/oembed.php
Unescape View File

@ -62,7 +62,7 @@ function oembed_fetch_url($embedurl){
function oembed_format_object($j){
$embedurl = $j->embedurl;
$jhtml = oembed_iframe($j->embedurl,$j->width,$j->height );
$jhtml = oembed_iframe($j->embedurl,(isset($j->width) ? $j->width : null), (isset($j->height) ? $j->height : null) );
$ret="<span class='oembed ".$j->type."'>";
switch ($j->type) {
case "video": {

46
include/security.php
Unescape View File

@ -288,3 +288,49 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
}
/*
* Functions used to protect against Cross-Site Request Forgery
* The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
* In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes;
* or if the security token is used for ajax-calls that happen several times), but only valid for a certain amout of time (3hours).
* The "typename" seperates the security tokens of different types of forms. This could be relevant in the following case:
* A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link).
* If the new page contains by any chance external elements, then the used security token is exposed by the referrer.
* Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
*/
function get_form_security_token($typename = "") {
$a = get_app();
$timestamp = time();
$sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename);
return $timestamp . "." . $sec_hash;
}
function check_form_security_token($typename = "", $formname = 'form_security_token') {
if (!x($_REQUEST, $formname)) return false;
$hash = $_REQUEST[$formname];
$max_livetime = 10800; // 3 hours
$a = get_app();
$x = explode(".", $hash);
if (time() > (IntVal($x[0]) + $max_livetime)) return false;
$sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename);
return ($sec_hash == $x[1]);
}
function check_form_security_std_err_msg() {
return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL;
}
function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
$a = get_app();
notice( check_form_security_std_err_msg() );
goaway($a->get_baseurl() . $err_redirect );
}
}

9
include/template_processor.php
Unescape View File

@ -80,8 +80,13 @@
*/
private function _replcb_for($args){
$m = array_map('trim', explode(" as ", $args[2]));
list($keyname, $varname) = explode("=>",$m[1]);
if (is_null($varname)) { $varname=$keyname; $keyname=""; }
$x = explode("=>",$m[1]);
if (count($x) == 1) {
$varname = $x[0];
$keyname = "";
} else {
list($keyname, $varname) = $x;
}
if ($m[0]=="" || $varname=="" || is_null($varname)) die("template error: 'for ".$m[0]." as ".$varname."'") ;
//$vals = $this->r[$m[0]];
$vals = $this->_get_var($m[0]);

2
mod/dfrn_request.php
Unescape View File

@ -43,7 +43,7 @@ function dfrn_request_post(&$a) {
return;
if($_POST['cancel']) {
if(x($_POST, 'cancel')) {
goaway(z_root());
}

2
mod/message.php
Unescape View File

@ -192,7 +192,7 @@ function message_content(&$a) {
$a->set_pager_total($r[0]['total']);
$r = q("SELECT max(`mail`.`created`) AS `mailcreated`, min(`mail`.`seen`) AS `mailseen`,
`mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb`
`mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb` , `contact`.`network`
FROM `mail` LEFT JOIN `contact` ON `mail`.`contact-id` = `contact`.`id`
WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `created` DESC LIMIT %d , %d ",
intval(local_user()),

14
mod/network.php
Unescape View File

@ -44,7 +44,7 @@ function network_init(&$a) {
}
$a->page['aside'] .= group_side('network','network',true,$group_id);
$a->page['aside'] .= networks_widget($a->get_baseurl() . '/network',(($_GET['nets']) ? $_GET['nets'] : ''));
$a->page['aside'] .= networks_widget($a->get_baseurl() . '/network',(x($_GET, 'nets') ? $_GET['nets'] : ''));
$a->page['aside'] .= saved_searches($search);
}
@ -132,15 +132,15 @@ function network_content(&$a, $update = 0) {
$starred_active = 'active';
}
if($_GET['bmark']) {
if(x($_GET,'bmark')) {
$bookmarked_active = 'active';
}
if($_GET['conv']) {
if(x($_GET,'conv')) {
$conv_active = 'active';
}
if($_GET['spam']) {
if(x($_GET,'spam')) {
$spam_active = 'active';
}
@ -248,7 +248,7 @@ function network_content(&$a, $update = 0) {
$def_acl = array('allow_cid' => '<' . intval($cid) . '>');
if(! $update) {
if(group) {
if($group) {
if(($t = group_public_members($group)) && (! get_pconfig(local_user(),'system','nowarn_insecure'))) {
notice( sprintf( tt('Warning: This group contains %s member from an insecure network.',
'Warning: This group contains %s members from an insecure network.',
@ -498,7 +498,9 @@ function network_content(&$a, $update = 0) {
$items = conv_sort($items,$ordering);
}
} else {
$items = array();
}
}

2
mod/parse_url.php
Unescape View File

@ -188,7 +188,7 @@ function parse_url_content(&$a) {
if(! $text) {
logger('parsing meta');
$items = $domhead->getElementsByTagName('meta');
$items = (isset($domhead) && is_object($domhead) ? $domhead->getElementsByTagName('meta') : null);
if($items) {
foreach($items as $item) {
$property = $item->getAttribute('property');

18
mod/profile_photo.php
Unescape View File

@ -15,11 +15,13 @@ function profile_photo_init(&$a) {
function profile_photo_post(&$a) {
if(! local_user()) {
notice ( t('Permission denied.') . EOL );
return;
}
if(! local_user()) {
notice ( t('Permission denied.') . EOL );
return;
}
check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {
// phase 2 - we have finished cropping
@ -148,7 +150,9 @@ function profile_photo_content(&$a) {
notice( t('Permission denied.') . EOL );
return;
};
check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
$resource_id = $a->argv[2];
//die(":".local_user());
$r=q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' ORDER BY `scale` ASC",
@ -203,6 +207,7 @@ function profile_photo_content(&$a) {
'$lbl_upfile' => t('Upload File:'),
'$title' => t('Upload Profile Photo'),
'$submit' => t('Upload'),
'$form_security_token' => get_form_security_token("profile_photo"),
'$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . $a->get_baseurl() . '">' . t('skip this step') . '</a>' : '<a href="'. $a->get_baseurl() . '/photos/' . $a->user['nickname'] . '">' . t('select a photo from your photo albums') . '</a>')
));
@ -218,6 +223,7 @@ function profile_photo_content(&$a) {
'$image_url' => $a->get_baseurl() . '/photo/' . $filename,
'$title' => t('Crop Image'),
'$desc' => t('Please adjust the image cropping for optimum viewing.'),
'$form_security_token' => get_form_security_token("profile_photo"),
'$done' => t('Done Editing')
));
return $o;

26
mod/profiles.php
Unescape View File

@ -21,6 +21,9 @@ function profiles_post(&$a) {
notice( t('Profile not found.') . EOL);
return;
}
check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
$is_default = (($orig[0]['is-default']) ? 1 : 0);
$profile_name = notags(trim($_POST['profile_name']));
@ -240,6 +243,8 @@ function profiles_content(&$a) {
goaway($a->get_baseurl() . '/profiles');
return; // NOTREACHED
}
check_form_security_token_redirectOnErr('/profiles', 'profile_drop', 't');
// move every contact using this profile as their default to the user default
@ -264,6 +269,8 @@ function profiles_content(&$a) {
if(($a->argc > 1) && ($a->argv[1] === 'new')) {
check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@ -291,10 +298,13 @@ function profiles_content(&$a) {
info( t('New profile created.') . EOL);
if(count($r3) == 1)
goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
goaway($a->get_baseurl() . '/profiles');
}
}
if(($a->argc > 2) && ($a->argv[1] === 'clone')) {
check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
intval(local_user()));
@ -330,9 +340,11 @@ function profiles_content(&$a) {
info( t('New profile created.') . EOL);
if(count($r3) == 1)
goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
goaway($a->get_baseurl() . '/profiles');
return; // NOTREACHED
}
goaway($a->get_baseurl() . '/profiles');
return; // NOTREACHED
}
if(($a->argc > 1) && (intval($a->argv[1]))) {
@ -371,6 +383,9 @@ function profiles_content(&$a) {
$is_default = (($r[0]['is-default']) ? 1 : 0);
$tpl = get_markup_template("profile_edit.tpl");
$o .= replace_macros($tpl,array(
'$form_security_token' => get_form_security_token("profile_edit"),
'$profile_clone_link' => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"),
'$profile_drop_link' => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"),
'$banner' => t('Edit Profile Details'),
'$submit' => t('Submit'),
'$viewprof' => t('View this profile'),
@ -460,7 +475,8 @@ function profiles_content(&$a) {
$o .= replace_macros($tpl_header,array(
'$header' => t('Edit/Manage Profiles'),
'$chg_photo' => t('Change profile photo'),
'$cr_new' => t('Create New Profile')
'$cr_new' => t('Create New Profile'),
'$cr_new_link' => 'profiles/new?t=' . get_form_security_token("profile_new")
));

61
mod/settings.php
Unescape View File

@ -53,6 +53,8 @@ function settings_post(&$a) {
$old_page_flags = $a->user['page-flags'];
if(($a->argc > 1) && ($a->argv[1] === 'oauth') && x($_POST,'remove')){
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$key = $_POST['remove'];
q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
dbesc($key),
@ -63,6 +65,8 @@ function settings_post(&$a) {
if(($a->argc > 2) && ($a->argv[1] === 'oauth') && ($a->argv[2] === 'edit'||($a->argv[2] === 'add')) && x($_POST,'submit')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$name = ((x($_POST,'name')) ? $_POST['name'] : '');
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$secret = ((x($_POST,'secret')) ? $_POST['secret'] : '');
@ -105,13 +109,18 @@ function settings_post(&$a) {
}
if(($a->argc > 1) && ($a->argv[1] == 'addon')) {
check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon');
call_hooks('plugin_settings_post', $_POST);
return;
}
if(($a->argc > 1) && ($a->argv[1] == 'connectors')) {
if(x($_POST['imap-submit'])) {
check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors');
if(x($_POST, 'imap-submit')) {
$mail_server = ((x($_POST,'mail_server')) ? $_POST['mail_server'] : '');
$mail_port = ((x($_POST,'mail_port')) ? $_POST['mail_port'] : '');
$mail_ssl = ((x($_POST,'mail_ssl')) ? strtolower(trim($_POST['mail_ssl'])) : '');
@ -185,7 +194,8 @@ function settings_post(&$a) {
return;
}
check_form_security_token_redirectOnErr('/settings', 'settings');
call_hooks('settings_post', $_POST);
if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
@ -460,6 +470,7 @@ function settings_content(&$a) {
if(($a->argc > 2) && ($a->argv[2] === 'add')) {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("settings_oauth"),
'$tabs' => $tabs,
'$title' => t('Add application'),
'$submit' => t('Submit'),
@ -486,6 +497,7 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("settings_oauth"),
'$tabs' => $tabs,
'$title' => t('Add application'),
'$submit' => t('Update'),
@ -500,6 +512,8 @@ function settings_content(&$a) {
}
if(($a->argc > 3) && ($a->argv[2] === 'delete')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
dbesc($a->argv[3]),
local_user());
@ -518,6 +532,7 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_oauth.tpl");
$o .= replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("settings_oauth"),
'$baseurl' => $a->get_baseurl(),
'$title' => t('Connected Apps'),
'$add' => t('Add application'),
@ -544,6 +559,7 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_addons.tpl");
$o .= replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("settings_addons"),
'$title' => t('Plugin Settings'),
'$tabs' => $tabs,
'$settings_addons' => $settings_addons
@ -586,28 +602,28 @@ function settings_content(&$a) {
$tpl = get_markup_template("settings_connectors.tpl");
$o .= replace_macros($tpl, array(
'$form_security_token' => get_form_security_token("settings_connectors"),
'$title' => t('Connector Settings'),
'$tabs' => $tabs,
'$diasp_enabled' => $diasp_enabled,
'$ostat_enabled' => $ostat_enabled,
'$h_imap' => t('Email/Mailbox Setup'),
'$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."),
'$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''),
'$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''),
'$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''),
'$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''),
'$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
'$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''),
'$mail_pass' => array('mail_pass', t('Email password:'), '', ''),
'$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'),
'$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''),
'$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))),
'$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''),
'$submit' => t('Submit'),
'$diasp_enabled' => $diasp_enabled,
'$ostat_enabled' => $ostat_enabled,
'$h_imap' => t('Email/Mailbox Setup'),
'$imap_desc' => t("If you wish to communicate with email contacts using this service \x28optional\x29, please specify how to connect to your mailbox."),
'$imap_lastcheck' => array('imap_lastcheck', t('Last successful email check:'), $mail_chk,''),
'$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''),
'$mail_server' => array('mail_server', t('IMAP server name:'), $mail_server, ''),
'$mail_port' => array('mail_port', t('IMAP port:'), $mail_port, ''),
'$mail_ssl' => array('mail_ssl', t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
'$mail_user' => array('mail_user', t('Email login name:'), $mail_user, ''),
'$mail_pass' => array('mail_pass', t('Email password:'), '', ''),
'$mail_replyto' => array('mail_replyto', t('Reply-to address:'), '', 'Optional'),
'$mail_pubmail' => array('mail_pubmail', t('Send public posts to all email contacts:'), $mail_pubmail, ''),
'$mail_action' => array('mail_action', t('Action after import:'), $mail_action, '', array(0=>t('None'), 1=>t('Delete'), 2=>t('Mark as seen'), 3=>t('Move to folder'))),
'$mail_movetofolder' => array('mail_movetofolder', t('Move to folder:'), $mail_movetofolder, ''),
'$submit' => t('Submit'),
'$settings_connectors' => $settings_connectors
));
@ -805,6 +821,7 @@ function settings_content(&$a) {
'$submit' => t('Submit'),
'$baseurl' => $a->get_baseurl(),
'$uid' => local_user(),
'$form_security_token' => get_form_security_token("settings"),
'$nickname_block' => $prof_addr,

1
view/cropbody.tpl
Unescape View File

@ -40,6 +40,7 @@ $desc
</script>
<form action="profile_photo/$resource" id="crop-image-form" method="post" />
<input type='hidden' name='form_security_token' value='$form_security_token'>
<input type="hidden" name="cropfinal" value="1" />
<input type="hidden" name="xstart" id="x1" />

5
view/profile_edit.tpl
Unescape View File

@ -5,9 +5,9 @@ $default
<div id="profile-edit-links">
<ul>
<li><a href="profile/$profile_id/view?tab=profile" id="profile-edit-view-link" title="$viewprof">$viewprof</a></li>
<li><a href="profiles/clone/$profile_id" id="profile-edit-clone-link" title="$cr_prof">$cl_prof</a></li>
<li><a href="$profile_clone_link" id="profile-edit-clone-link" title="$cr_prof">$cl_prof</a></li>
<li></li>
<li><a href="profiles/drop/$profile_id" id="profile-edit-drop-link" title="$del_prof" $disabled >$del_prof</a></li>
<li><a href="$profile_drop_link" id="profile-edit-drop-link" title="$del_prof" $disabled >$del_prof</a></li>
</ul>
</div>
@ -17,6 +17,7 @@ $default
<div id="profile-edit-wrapper" >
<form id="profile-edit-form" name="form1" action="profiles/$profile_id" method="post" >
<input type='hidden' name='form_security_token' value='$form_security_token'>
<div id="profile-edit-profile-name-wrapper" >
<label id="profile-edit-profile-name-label" for="profile-edit-profile-name" >$lbl_profname </label>

2
view/profile_listing_header.tpl
Unescape View File

@ -3,6 +3,6 @@
<a href="profile_photo" >$chg_photo</a>
</p>
<div id="profile-listing-new-link-wrapper" class="button" >
<a href="profiles/new" id="profile-listing-new-link" title="$cr_new" >$cr_new</a>
<a href="$cr_new_link" id="profile-listing-new-link" title="$cr_new" >$cr_new</a>
</div>

1
view/profile_photo.tpl
Unescape View File

@ -1,6 +1,7 @@
<h1>$title</h1>
<form enctype="multipart/form-data" action="profile_photo" method="post">
<input type='hidden' name='form_security_token' value='$form_security_token'>
<div id="profile-photo-upload-wrapper">
<label id="profile-photo-upload-label" for="profile-photo-upload">$lbl_upfile </label>

2
view/settings.tpl
Unescape View File

@ -5,7 +5,7 @@ $tabs
$nickname_block
<form action="settings" id="settings-form" method="post" autocomplete="off" >
<input type='hidden' name='form_security_token' value='$form_security_token'>
<h3 class="settings-heading">$h_pass</h3>

1
view/settings_addons.tpl
Unescape View File

@ -4,6 +4,7 @@ $tabs
<form action="settings/addon" method="post" autocomplete="off">
<input type='hidden' name='form_security_token' value='$form_security_token'>
$settings_addons

1
view/settings_connectors.tpl
Unescape View File

@ -6,6 +6,7 @@ $tabs
<div class="connector_statusmsg">$ostat_enabled</div>
<form action="settings/connectors" method="post" autocomplete="off">
<input type='hidden' name='form_security_token' value='$form_security_token'>
$settings_connectors

5
view/settings_oauth.tpl
Unescape View File

@ -4,7 +4,8 @@ $tabs
<form action="settings/oauth" method="post" autocomplete="off">
<input type='hidden' name='form_security_token' value='$form_security_token'>
<div id="profile-edit-links">
<ul>
<li>
@ -24,7 +25,7 @@ $tabs
{{ endif }}
{{ if $app.my }}
<a href="$baseurl/settings/oauth/edit/$app.client_id" class="icon s22 edit" title="$edit">&nbsp;</a>
<a href="$baseurl/settings/oauth/delete/$app.client_id" class="icon s22 delete" title="$delete">&nbsp;</a>
<a href="$baseurl/settings/oauth/delete/$app.client_id?t=$form_security_token" class="icon s22 delete" title="$delete">&nbsp;</a>
{{ endif }}
</div>
{{ endfor }}

2
view/settings_oauth_edit.tpl
Unescape View File

@ -3,6 +3,8 @@ $tabs
<h1>$title</h1>
<form method="POST">
<input type='hidden' name='form_security_token' value='$form_security_token'>
{{ inc field_input.tpl with $field=$name }}{{ endinc }}
{{ inc field_input.tpl with $field=$key }}{{ endinc }}
{{ inc field_input.tpl with $field=$secret }}{{ endinc }}

Write Preview
Loading…
Cancel
Save