| author | the lemons <citrons@mondecitronne.com> | 2023-04-07 06:27:11 -0500 |
|---|---|---|
| committer | the lemons <citrons@mondecitronne.com> | 2023-04-07 06:27:11 -0500 |
| commit | b30b3bd0faae77830944def1713781c5bf1b3fab (patch) | |
| tree | b620e2114b814185b63bf1e08086d835bba816e9 /forms.lua | |
| parent | d9bfac3d1628e328abaf9e11006d444412ce3f94 (diff) | |
CSRF prevention
Diffstat (limited to 'forms.lua')
| -rw-r--r-- | forms.lua | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -86,13 +86,15 @@ function M.connect(uid, token, meta, endpoint)
 end)
 end
-function M.user_settings(user, messages)
+function M.user_settings(user, token, messages)
 show_messages(messages)
 html.form({method = "POST"}, function()
+ hidden('token', token)
 input('text', 'username', "username: ", user:get "username", "change")
 end)
 html.form({method = "POST"}, function()
+ hidden('token', token)
 input('email', 'email', "email: ", user:get "email", "change")
 end)
@@ -102,11 +104,13 @@ function M.user_settings(user, messages)
 input('password', 'password', "current password: ")
 input('password', 'new_password', "new password: ")
 input('password', 'confirm_password', "confirm password: ")
+ hidden('token', token)
 input('submit', nil, nil, "change")
 end)
 html.h3 "log out"
 html.form({method = "POST"}, function()
 hidden('logout', 'yes')
+ hidden('token', token)
 input('checkbox', 'everywhere', "log out everywhere", nil, "log out")
 end) |
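Review bot: `M.user_settings` now takes `token` as its second parameter but never checks it. Lua does not check arity, so a caller still using the old `(user, messages)` order, or one passing nil, would render all four forms (the two in this hunk and the two in the next) with a wrong or missing `token` field and no error. Failing closed at the top of the function would surface that at once, assuming the token is a string: `assert(type(token) == "string", "user_settings: CSRF token required")`. The function body continues past this hunk. The handler that compares the submitted token with the session's copy is not visible in forms.lua, so this covers the rendering side only.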
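Review bot: The token field is written by hand in every form, and in the password form it sits after the inputs while the other three forms put it first, so a form added later can omit it unnoticed. A small local wrapper that always emits `hidden('token', token)` before the form body would make the protected form the default. The sketch below shows it with the log-out form. `user_settings` begins in the previous hunk and the opening of the password form lies above this one; the other three forms would be converted the same way.

```lua
-- Emits a POST form that always carries the CSRF token as its first field.
local function post_form(token, body)
    html.form({method = "POST"}, function()
        hidden('token', token)
        body()
    end)
end

-- … unchanged: username, email and password forms …
html.h3 "log out"
post_form(token, function()
    hidden('logout', 'yes')
    input('checkbox', 'everywhere', "log out everywhere", nil, "log out")
end)
```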
