Plume/templates/users/edit.html.tera
Bat d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00

35 lines
1.1 KiB
Plaintext

{% extends "base" %}
{% block title %}
{{ "Edit your account" | _ }}
{% endblock title %}
{% block content %}
<h1>{{ "Your Profile" | _ }}</h1>
<form method="post">
<!-- Rocket hack to use various HTTP methods -->
<input type=hidden name="_method" value="put">
<label for="display_name">{{ "Display Name" | _ }}</label>
<input name="display_name" value="{{ account.display_name }}">
<label for="email">{{ "Email" | _ }}</label>
<input name="email" value="{{ account.email }}">
<label for="summary">{{ "Summary" | _ }}</label>
<input name="summary" value="{{ account.summary }}">
<input type="submit" value="{{ "Update account" | _ }}"/>
</form>
<h2>{{ "Danger zone" | _ }}</h2>
<p>{{ "Be very careful, any action taken here can't be cancelled." | _ }}
{% if not account.is_admin %}
<form method="post" action="/@/{{ account.fqn }}/delete">
<input type="submit" class="inline-block button destructive" value="{{ 'Delete your account' | _ }}">
</form>
{% else %}
<p>{{ "Sorry, but as an admin, you can't leave your instance." | _ }}</p>
{% endif %}
{% endblock content %}