authorGravatar Vitaly Takmazov2022-12-20 02:21:22 +0300
committerGravatar Vitaly Takmazov2022-12-20 02:21:22 +0300
commitf0e10dc93f400e8ba979760a1c7af9d6e53cd1ef (patch)
treef5acdbc7137bcb2622fc0bac4512649e9fa3d1a0 /src
parent95b44e16a48c32b7e78a42cacb7a1dbaa41ce272 (diff)
Do not use multipart forms where possible
* Pass csrf token as parameter to multipart form
Diffstat (limited to 'src')
-rw-r--r--src/main/resources/templates/views/settings_about.html3
-rw-r--r--src/main/resources/templates/views/settings_main.html10
2 files changed, 6 insertions, 7 deletions
diff --git a/src/main/resources/templates/views/settings_about.html b/src/main/resources/templates/views/settings_about.html
index 94cd9058..846a3d11 100644
--- a/src/main/resources/templates/views/settings_about.html
+++ b/src/main/resources/templates/views/settings_about.html
@@ -1,8 +1,7 @@
{% extends "layouts/default" %}
{% block content %}
<article>
- <form action="/settings" method="POST" enctype="multipart/form-data">
- <input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
+ <form action="/settings?{{_csrf.parameterName}}={{_csrf.token}}" method="POST" enctype="multipart/form-data">
<p>Full name: <input type="text" name="fullname" value="{{ userinfo.fullName }}"/></p>
<p>Country: <input type="text" name="country" value="{{ userinfo.country }}"/></p>
<p>URL: <input type="text" name="url" value="{{ userinfo.url }}" size="32"/><br/>
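Review bot: Putting the CSRF token in the query string of the added `<form action="/settings?{{_csrf.parameterName}}={{_csrf.token}}" ...>` line exposes it in places the removed hidden field never reached: server and reverse-proxy access logs, browser history, and, if the POST response is rendered without a redirect, the `Referer` sent for resources that page loads. The `_csrf.parameterName` naming suggests Spring Security; if that is the stack, the token can stay in the body as `<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}">`, provided `MultipartFilter` is registered ahead of the security filter chain so the multipart body is parsed before the CSRF check. If the query-string form is kept, a template comment such as `{# CSRF token is in the URL because the multipart body is parsed after the CSRF filter #}` would record why, and logging of `/settings` request URLs should drop the query string. The form's body continues past the end of this hunk.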
diff --git a/src/main/resources/templates/views/settings_main.html b/src/main/resources/templates/views/settings_main.html
index a0315244..c819177e 100644
--- a/src/main/resources/templates/views/settings_main.html
+++ b/src/main/resources/templates/views/settings_main.html
@@ -5,7 +5,7 @@
{%if not visitor.verified %}
<h2 style="color: red; padding: 20px;">Verify your account by adding email or social account</h2>
{% endif %}
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<fieldset>
<legend>Notification options</legend>
@@ -35,7 +35,7 @@
{% endif %}
</fieldset>
{% if jids | length > 0 %}
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<fieldset>
<legend style="background: url(//static.juick.com/settings/xmpp.png) no-repeat; padding-left: 58px; line-height: 48px;">
@@ -65,7 +65,7 @@
<legend style="background: url(//static.juick.com/settings/email.png) no-repeat; padding-left: 58px; line-height: 48px;">
E-mail
</legend>
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<p>Add account:<br/>
<input type="text" name="account"/>
@@ -73,7 +73,7 @@
<input type="submit" value=" Add " class="Button" />
</p>
</form>
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<p>Your accounts:</p>
<p>
@@ -91,7 +91,7 @@
</form>
{% if emails is not empty %}
<!--email_off-->
- <form action="/settings" method="POST" enctype="multipart/form-data">
+ <form action="/settings" method="POST">
<input type="hidden" name="{{_csrf.parameterName}}" value="{{_csrf.token}}" />
<p>You can receive notifications to email:<br/>
Sent to <select name="account">