Plume/templates/medias/details.html.tera
Bat d8ca1d70b7 Fix CSRF issues
GET routes are not protected against CSRF. This commit changes the needed URLs to
POST and replace simple links with forms.

Thanks @fdb-hiroshima for noticing it!
2018-09-19 18:13:07 +01:00

36 lines
1.1 KiB
Plaintext

{% extends "base" %}
{% import "macros" as macros %}
{% block title %}
{{ "Media details" | _ }}
{% endblock title %}
{% block content %}
<h1>{{ "Media details" }}</h1>
<section>
<a href="/medias">{{ "Go back to the gallery" | _ }}</a>
</section>
<section>
<figure class="media">
{{ media.html | safe }}
<figcaption>{{ media.alt_text }}</figcaption>
</figure>
<div>
<p>
{{ "Markdown code" | _ }}
<small>{{ "Copy it in your articles to insert this media." }}</small>
</p>
<code>{{ media.md }}</code>
</div>
<div>
<form class="inline" method="post" action="/medias/{{ media.id }}/avatar">
<input class="button" type="submit" value="{{ 'Use as avatar' | _ }}">
</form>
<form class="inline" method="post" action="/medias/{{ media.id }}/delete">
<input class="button" type="submit" value="{{ 'Delete' | _ }}">
</form>
</div>
</section>
{% endblock content %}