jessikitty/Disco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: use more antiforgery tokens

Browse Source
This commit is contained in:
Gary Sharp
2025-07-25 12:32:44 +10:00
parent fd43d85778
commit 7deead494b
222 changed files with 12919 additions and 11728 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Disco.Web/Areas/Config/Views/Plugins/Configure.cshtml
+4 -3
View File
@@ -1,11 +1,12 @@
@model Disco.Web.Areas.Config.Models.Plugins.PluginConfigurationViewModel
@{
Authorization.Require(Claims.Config.Plugin.Configure);
ViewBag.Title = Html.ToBreadcrumb("Configuration", MVC.Config.Config.Index(), "Plugins", MVC.Config.Plugins.Index(), Model.Manifest.Name);
}
@using (Html.BeginForm())
{
{
@Html.AntiForgeryToken()
@Html.ValidationSummary(false)
<div class="clearfix">
@Html.PartialCompiled(Model.PluginViewType, Model.PluginViewModel)
@@ -13,4 +14,4 @@
<div class="actionBar">
<input type="submit" class="button" value="Save Configuration" />
</div>
}
}
Disco.Web/Areas/Config/Views/Plugins/Index.cshtml
+1 -1
View File
@@ -88,7 +88,7 @@
<i class="fa fa-exclamation-triangle"></i><strong>Warning:</strong> Data will be permanently deleted
</p>
</div>
@using (Html.BeginForm(MVC.API.Plugin.Uninstall(), FormMethod.Post))
@using (Html.BeginForm(MVC.API.Plugin.Uninstall()))
{
@Html.AntiForgeryToken()
<input type="hidden" name="id" id="dialogUninstallPluginId" />
Disco.Web/Areas/Config/Views/Plugins/Index.generated.cs
+1 -1
View File
@@ -411,7 +411,7 @@ WriteLiteral("></i><strong>Warning:</strong> Data will be permanently deleted\r\
#line hidden
#line 91 "..\..\Areas\Config\Views\Plugins\Index.cshtml"
using (Html.BeginForm(MVC.API.Plugin.Uninstall(), FormMethod.Post))
using (Html.BeginForm(MVC.API.Plugin.Uninstall()))
{
Disco.Web/Areas/Config/Views/Plugins/Install.cshtml
+1 -1
View File
@@ -75,7 +75,7 @@
<strong>Only Install plugins from a trusted source.</strong>
</p>
</div>
@using (Html.BeginForm(MVC.API.Plugin.Install(), FormMethod.Post))
@using (Html.BeginForm(MVC.API.Plugin.Install()))
{
@Html.AntiForgeryToken()
}
Disco.Web/Areas/Config/Views/Plugins/Install.generated.cs
+1 -1
View File
@@ -434,7 +434,7 @@ WriteLiteral("></i><strong>Warning:</strong> All plugins run with the same level
#line hidden
#line 78 "..\..\Areas\Config\Views\Plugins\Install.cshtml"
using (Html.BeginForm(MVC.API.Plugin.Install(), FormMethod.Post))
using (Html.BeginForm(MVC.API.Plugin.Install()))
{
Disco.Web/Areas/Config/Views/Plugins/ProviderConfiguration.generated.cs
+20 -5
View File
@@ -47,7 +47,7 @@ namespace Disco.Web.Areas.Config.Views.Plugins
#line 2 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
Authorization.Require(Claims.Config.Plugin.Configure);
ViewBag.Title = Html.ToBreadcrumb("Configuration", MVC.Config.Config.Index(), "Plugins", MVC.Config.Plugins.Index(), Model.Manifest.Name);
@@ -58,20 +58,34 @@ WriteLiteral("\r\n");
#line 7 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
using (Html.BeginForm())
{
{
#line default
#line hidden
#line 9 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
Write(Html.ValidationSummary(false));
Write(Html.AntiForgeryToken());
#line default
#line hidden
#line 9 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
#line default
#line hidden
#line 10 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
Write(Html.ValidationSummary(false));
#line default
#line hidden
#line 10 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
@@ -86,7 +100,7 @@ WriteLiteral(">\r\n");
WriteLiteral(" ");
#line 11 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
#line 12 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
Write(Html.PartialCompiled(Model.PluginViewType, Model.PluginViewModel));
@@ -109,8 +123,9 @@ WriteLiteral(" value=\"Save Configuration\"");
WriteLiteral(" />\r\n </div>\r\n");
#line 16 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
#line 17 "..\..\Areas\Config\Views\Plugins\Configure.cshtml"
}
#line default
#line hidden