Plume/templates/users/header.html.tera
Bat d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00

45 lines
1.3 KiB
Plaintext

<div class="user">
<div class="flex wrap">
{{ macros::avatar(user=user, size="medium") }}
<h1 class="grow flex vertical">
{{ user.name }}
<small>@{{ user.fqn }}</small>
</h1>
<p>
{% if user.is_admin %}
<span class="badge">{{ "Admin" | _ }}</span>
{% endif %}
{% if is_self %}
<span class="badge">{{ "It is you" | _ }}</span>
{% endif %}
{% if is_self %}
<a href="/@/{{ user.username }}/edit" class="button inline-block">{{ "Edit your profile" | _ }}</a>
{% endif %}
</p>
</div>
{% if is_remote %}
<a class="inline-block" href="{{ user.ap_url }}" target="_blank">{{ "Open on {{ instance_url }}" | _(instance_url=instance_url) }}</a>
{% endif %}
{% set not_self = not is_self %}
{% if not_self and (account is defined) %}
<form class="inline" method="post" action="/@/{{ user.fqn }}/follow/">
{% if follows %}
<input type="submit" value="{{ 'Unfollow' | _ }}">
{% else %}
<input type="submit" value="{{ 'Follow' | _ }}">
{% endif %}
</form>
{% endif %}
</div>
<div class="user-summary">
{{ user.summary | safe }}
</div>