Replaced inputs of type hidden, csrf and text with macros.

flash 2018-10-25 03:35:53 +02:00
parent b7ff2e6505
commit 8a62431139
20 changed files with 137 additions and 101 deletions


@ -287,11 +287,11 @@ MIG;
tpl_add_filter('vsprintf');
tpl_add_filter('perms_check');
tpl_add_filter('bg_settings', 'user_background_settings_strings');
tpl_add_filter('csrf', 'csrf_html');
tpl_add_function('git_commit_hash');
tpl_add_function('git_tag');
tpl_add_function('csrf_token');
tpl_add_function('csrf_input', 'csrf_html');
tpl_add_function('startup_time', function (float $time = MSZ_STARTUP) {
return microtime(true) - $time;
});


@ -81,6 +81,11 @@ switch ($authMode) {
tpl_var('auth_reset_message', "A verification code should've been sent to your e-mail address.");
while ($isSubmission) {
if (!csrf_verify('passreset', $_POST['csrf'] ?? '')) {
tpl_var('auth_reset_error', 'Possible request forgery detected, refresh and try again.');
break;
}
if (!user_recovery_token_validate($resetUser['user_id'], $authVerification)) {
tpl_var('auth_reset_error', 'Invalid verification code!');
break;
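Review bot: `$_POST['csrf'] ?? ''` on the added `csrf_verify` line forwards whatever type the client sent, so a request carrying `csrf[]=x` hands `csrf_verify` an array; `csrf_verify` is not shown here, so whether that fails cleanly or raises a TypeError cannot be told from this hunk. Narrowing the value first keeps such requests on the "Possible request forgery detected" path: `$csrfToken = is_string($_POST['csrf'] ?? null) ? $_POST['csrf'] : '';` and then `csrf_verify('passreset', $csrfToken)`. The field name `csrf` is hard-coded here while the `input_csrf` macro accepts a custom name, so a short comment tying the handler to the macro's default would help the next reader. The enclosing `while` and `switch` continue outside the hunk.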


@ -1,14 +1,16 @@
{% macro comments_input(category, user, perms, reply_to) %}
{% set reply_mode = reply_to is not null %}
{% from '_layout/input.twig' import input_hidden, input_csrf %}
<form class="comment comment--input{% if reply_mode %} comment--reply{% endif %}"
method="post" action="/comments.php?m=create"
id="comment-{{ reply_mode ? 'reply-' ~ reply_to.comment_id : 'create-' ~ category.category_id }}">
<input type="hidden" name="comment[category]" value="{{ category.category_id }}">
{{ 'comments'|csrf|raw }}
{{ input_hidden('comment[category]', category.category_id) }}
{{ input_csrf('comments') }}
{% if reply_mode %}
<input type="hidden" name="comment[reply]" value="{{ reply_to.comment_id }}">
{{ input_hidden('comment[reply]', reply_to.comment_id) }}
{% endif %}
<div class="comment__container">


@ -0,0 +1,24 @@
{% macro input_hidden(name, value) %}
{% spaceless %}
<input type="hidden" name="{{ name }}" value="{{ value }}">
{% endspaceless %}
{% endmacro %}
{% macro input_csrf(realm, name) %} {# so we don't have to specify |raw every time #}
{% spaceless %}
{{ csrf_input(realm, name|default('csrf'))|raw }}
{% endspaceless %}
{% endmacro %}
{% macro input_text(name, class, value, type, placeholder, required, attributes) %}
{% spaceless %}
<input type="{{ type|default('text') }}" {% if name|length > 0 %}name="{{ name }}"{% else %}readonly{% endif %}
class="input__text{% if name|length < 1 %} input__text--readonly{% endif %}{{ class|length > 0 ? ' ' ~ class : '' }}"
{% if placeholder|length > 0 %}placeholder="{{ placeholder }}"{% endif %}
{% if value|length > 0 %}value="{{ value }}"{% endif %}
{% if required|default(false) %}required{% endif %}
{% for name, value in attributes|default([]) %}
{{ name }}{% if value|length > 0 %}="{{ value }}"{% endif %}
{% endfor %}>
{% endspaceless %}
{% endmacro %}
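Review bot: In `input_text` the loop `{% for name, value in attributes|default([]) %}` prints each key as an attribute name with `{{ name }}`, and HTML escaping (assuming autoescape is enabled for this template, which is not visible here) does not make a string safe in attribute-name position, since whitespace or `=` inside a key would still yield extra attributes. Every call site in this commit passes a literal hash, so a comment on the macro such as `{# attribute keys must be literal constants, never request-derived #}` would record that contract. The loop also reuses the macro's own `name` and `value` parameter names; `attr_name, attr_value` would read more clearly. Separately, `input_csrf` applies `|raw`, so the escaping of `realm` and `name` rests entirely on `csrf_html`, which is not shown and should be confirmed to escape both.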


@ -1,5 +1,6 @@
{% extends 'auth/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% from 'auth/macros.twig' import auth_login %}
{% block content %}
@ -11,8 +12,8 @@
{% if can_create_account %}
<form class="container auth" method="post" action="">
<input type="hidden" name="auth[mode]" value="register">
{{ 'register'|csrf|raw }}
{{ input_hidden('auth[mode]', 'register') }}
{{ input_csrf('register') }}
{{ container_title('Register') }}
@ -25,19 +26,10 @@
{% endif %}
<div class="auth__form">
<input class="input__text auth__input" type="text"
name="auth[username]" placeholder="Username"
value="{{ auth_username|default('') }}" required>
<input class="input__text auth__input" type="password"
name="auth[password]" placeholder="Password" required>
<input class="input__text auth__input" type="text"
name="auth[email]" placeholder="E-mail"
value="{{ auth_email|default('') }}" required>
<input class="input__text auth__input" type="text"
name="auth[meow]" placeholder="What is the outcome of nine plus ten?" required>
{{ input_text('auth[username]', 'auth__input', auth_username|default(''), 'text', 'Username', true) }}
{{ input_text('auth[password]', 'auth__input', '', 'password', 'Password', true) }}
{{ input_text('auth[email]', 'auth__input', auth_email|default(''), 'text', 'E-mail', true) }}
{{ input_text('auth[meow]', 'auth__input', '', 'text', 'What is the outcome of nine plus ten?', true) }}
<button class="input__button">Sign up</button>
</div>
@ -46,8 +38,8 @@
{% if can_reset_password %}
<form class="container auth" method="post" action="">
<input type="hidden" name="auth[mode]" value="forgot">
{{ 'passforgot'|csrf|raw }}
{{ input_hidden('auth[mode]', 'forgot') }}
{{ input_csrf('passforgot') }}
{{ container_title('Forgot password') }}
@ -60,9 +52,7 @@
{% endif %}
<div class="auth__form">
<input class="input__text auth__input" type="text"
name="auth[email]" placeholder="E-mail"
value="{{ auth_email|default('') }}" required>
{{ input_text('auth[email]', 'auth__input', auth_email|default(''), 'text', 'E-mail', true) }}
<button class="input__button">Send reminder</button>
</div>


@ -1,9 +1,11 @@
{% macro auth_login(username, message, is_welcome) %} {# please only use this once per page, it has script shit rn #}
{% set is_welcome = is_welcome|default(false) %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
<form class="container auth" method="post" action="/auth.php">
<input type="hidden" name="auth[mode]" value="login">
{{ 'login'|csrf|raw }}
{{ input_hidden('auth[mode]', 'login') }}
{{ input_csrf('login') }}
<div class="auth__header">
<div class="auth__header__wrapper">
@ -21,12 +23,8 @@
{% endif %}
<div class="auth__form">
<input class="input__text auth__input" type="text"
name="auth[username]" placeholder="Username" id="login-username"
value="{{ username|default('') }}" required>
<input class="input__text auth__input" type="password"
name="auth[password]" placeholder="Password" required>
{{ input_text('auth[username]', 'auth__input', username|default(''), 'text', 'Username', true, {'id':'login-username'}) }}
{{ input_text('auth[password]', 'auth__input', '', 'password', 'Password', true) }}
<button class="input__button">Login</button>
</div>


@ -1,10 +1,12 @@
{% extends 'auth/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% block content %}
<form class="container auth" method="post" action="">
<input type="hidden" name="auth[mode]" value="reset">
<input type="hidden" name="auth[user]" value="{{ reset_user.user_id }}">
{{ input_hidden('auth[mode]', 'reset') }}
{{ input_hidden('auth[user]', reset_user.user_id) }}
{{ input_csrf('passreset') }}
{{ container_title('Resetting password for ' ~ reset_user.username) }}
@ -15,16 +17,18 @@
</div>
<div class="auth__form">
<input type="{{ reset_verify is defined ? 'hidden' : 'text' }}"
class="input__text input__text--monospace auth__input" type="text"
name="auth[verification]" placeholder="verification code" maxlength="12"
value="{{ reset_verify|default('') }}" required>
{{ input_text(
'auth[verification]',
'input__text--monospace auth__input',
reset_verify|default(''),
reset_verify is defined ? 'hidden' : 'text',
'verification code',
true,
{'maxlength':12}
) }}
<input class="input__text auth__input" type="password"
name="auth[password][new]" placeholder="new password" required>
<input class="input__text auth__input" type="password"
name="auth[password][confirm]" placeholder="confirm password" required>
{{ input_text('auth[password][new]', 'auth__input', '', 'password', 'new password', true) }}
{{ input_text('auth[password][confirm]', 'auth__input', '', 'password', 'confirm password', true) }}
<button class="input__button">Change password</button>
</div>


@ -370,6 +370,7 @@
{% macro forum_posting_form(title, target_id, is_reply, element_id) %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% set is_reply = is_reply ? true : false %}
<form{% if element_id is defined %} id="{{ element_id }}"{% endif %}
@ -379,8 +380,8 @@
{{ container_title(title) }}
<div class="forum__posting__content">
<input type="hidden" name="post[{{ is_reply ? 'topic' : 'forum' }}]" value="{{ target_id }}">
{{ 'forum_post'|csrf|raw }}
{{ input_hidden('post[' ~ (is_reply ? 'topic' : 'forum') ~ ']', target_id) }}
{{ input_csrf('forum_post') }}
{#<div class="forum__posting__errors">
<p class="forum__posting__error">Error: Your post contained too much text, shorten it a bit or split it out in two posts.</p>
@ -388,7 +389,7 @@
{% if not is_reply %}
<div class="forum__posting__title">
<input class="input__text forum__posting__title__input" type="text" name="post[title]" placeholder="Topic title">
{{ input_text('post[title]', 'forum__posting__title__input', '', 'text', 'Topic title') }}
</div>
{% endif %}


@ -1,24 +1,25 @@
{% extends 'manage/changelog/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_csrf, input_text %}
{% block manage_content %}
<div class="container">
<form action="?v=action{{ edit_action is defined ? '&a=' ~ edit_action.action_id : '' }}" method="post">
{{ 'changelog_action'|csrf|raw }}
{{ input_csrf('changelog_action') }}
{{ container_title(edit_action is defined ? 'Editing ' ~ edit_action.action_name ~ ' (' ~ edit_action.action_id ~ ')' : 'Adding a new action') }}
<label class="form__label">
<div class="form__label__text">Name</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_action is defined ? edit_action.action_name : '' }}" name="action[name]" maxlength="50">
{{ input_text('action[name]', '', edit_action is defined ? edit_action.action_name : '', 'text', '', true, {'maxlength':50}) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Class</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_action is defined ? edit_action.action_class : '' }}" name="action[class]" maxlength="20">
{{ input_text('action[class]', '', edit_action is defined ? edit_action.action_class : '', 'text', '', true, {'maxlength':20}) }}
</div>
</label>


@ -1,5 +1,6 @@
{% extends 'manage/changelog/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_csrf, input_text %}
{% if edit_change is defined %}
{% set site_link = '/changelog.php?c=' ~ edit_change.change_id %}
@ -8,14 +9,14 @@
{% block manage_content %}
<div class="container">
<form action="?v=change{{ edit_change is defined ? '&c=' ~ edit_change.change_id : '' }}" method="post">
{{ 'changelog_add'|csrf|raw }}
{{ input_csrf('changelog_add') }}
{{ container_title(edit_change is defined ? 'Editing #' ~ edit_change.change_id : 'Adding a new change') }}
<label class="form__label" style="width:100%">
<div class="form__label__text">Log</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_change is defined ? edit_change.change_log : '' }}" name="change[log]" maxlength="255">
{{ input_text('change[log]', '', edit_change is defined ? edit_change.change_log : '', 'text', '', true, {'maxlength':255}) }}
</div>
</label>
@ -49,7 +50,7 @@
<label class="form__label">
<div class="form__label__text">Created</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_change is defined ? edit_change.change_created : ''|date('Y-m-d H:i:s') }}" name="change[created]">
{{ input_text('change[created]', '', (edit_change is defined ? edit_change.change_created : ''|date('Y-m-d H:i:s')), 'text', '', true) }}
</div>
</label>


@ -1,17 +1,18 @@
{% extends 'manage/changelog/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_csrf, input_text %}
{% block manage_content %}
<div class="container">
<form action="?v=tag{{ edit_tag is defined ? '&t=' ~ edit_tag.tag_id : '' }}" method="post">
{{ 'changelog_tag'|csrf|raw }}
{{ input_csrf('changelog_tag') }}
{{ container_title(edit_tag is defined ? 'Editing ' ~ edit_tag.tag_name ~ ' (' ~ edit_tag.tag_id ~ ')' : 'Adding a new tag') }}
<label class="form__label" style="width:100%">
<div class="form__label__text">Name</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_tag is defined ? edit_tag.tag_name : '' }}" name="tag[name]" maxlength="255">
{{ input_text('tag[name]', '', edit_tag is defined ? edit_tag.tag_name : '', 'text', '', true, {'maxlength':255}) }}
</div>
</label>
@ -33,7 +34,7 @@
<label class="form__label">
<div class="form__label__text">Created</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_tag.tag_created }}" readonly>
{{ input_text('', '', edit_tag.tag_created) }}
</div>
</label>
{% endif %}


@ -1,6 +1,7 @@
{% extends 'manage/users/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from 'manage/macros.twig' import permissions_table %}
{% from '_layout/input.twig' import input_hidden, input_csrf %}
{% block manage_content %}
<div class="container">
@ -8,8 +9,8 @@
<div class="container__content">
<form action="" method="get">
<input type="hidden" name="v" value="forumperms">
<input type="hidden" name="f" value="{{ forum.forum_id }}">
{{ input_hidden('v', 'forumperms') }}
{{ input_hidden('f', forum.forum_id) }}
<select name="r" class="input__select">
{% for role in roles %}
<option value="{{ role.role_id }}">{{ role.role_name }}</option>


@ -1,6 +1,7 @@
{% extends 'manage/general/master.twig' %}
{% from 'home/macros.twig' import chat_quote_display %}
{% from 'macros.twig' import pagination, container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% block manage_content %}
<div class="container">
@ -8,8 +9,8 @@
{% if current_quote is defined %}
<form method="post" action="">
{{ 'add_quote'|csrf|raw }}
<input type="hidden" name="quote[id]" value="{{ current_quote.quote_id|default(0) }}">
{{ input_csrf('add_quote') }}
{{ input_hidden('quote[id]', current_quote.quote_id|default(0)) }}
* = optional
@ -26,12 +27,12 @@
<tr>
<td>Date/time*</td>
<td><input type="text" name="quote[time]" class="input__text" value="{{ current_quote.quote_timestamp|default(0)|date('Y-m-d H:i:s') }}"></td>
<td>{{ input_text('quote[time]', '', (current_quote.quote_timestamp|default('')|date('Y-m-d H:i:s'))) }}</td>
</tr>
<tr>
<td>Username</td>
<td><input type="text" required name="quote[user][name]" class="input__text" value="{{ current_quote.quote_username|default() }}"></td>
<td>{{ input_text('quote[user][name]', '', current_quote.quote_username|default(), 'text', '', true) }}</td>
</tr>
<tr>


@ -1,5 +1,6 @@
{% extends 'manage/news/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% set is_new = category|length < 1 %}
@ -7,13 +8,13 @@
<form method="post" action="" class="container">
{{ container_title(is_new ? 'New Category' : 'Editing ' ~ category.category_name) }}
{{ 'news_category'|csrf|raw }}
<input type="hidden" name="category[id]" value="{{ category.category_id|default(0) }}">
{{ input_csrf('news_category') }}
{{ input_hidden('category[id]', category.category_id|default(0)) }}
<table style="color:inherit">
<tr>
<td>Name</td>
<td><input type="text" required name="category[name]" class="input__text" value="{{ category.category_name|default() }}"></td>
<td>{{ input_text('category[name]', '', category.category_name|default(), 'text', '', true) }}</td>
</tr>
<tr>


@ -1,5 +1,6 @@
{% extends 'manage/news/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% set is_new = post|length < 1 %}
@ -7,13 +8,13 @@
<form method="post" action="" class="container">
{{ container_title(is_new ? 'New Post' : 'Editing ' ~ post.post_title) }}
{{ 'news_post'|csrf|raw }}
<input type="hidden" name="post[id]" value="{{ post.post_id|default(0) }}">
{{ input_csrf('news_post') }}
{{ input_hidden('post[id]', post.post_id|default(0)) }}
<table style="color:inherit">
<tr>
<td>Name</td>
<td><input type="text" required name="post[title]" class="input__text" value="{{ post.post_title|default() }}"></td>
<td>{{ input_text('post[title]', '', post.post_title|default(), 'text', '', true) }}</td>
</tr>
<tr>


@ -1,10 +1,11 @@
{% extends 'manage/users/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from 'manage/macros.twig' import permissions_table %}
{% from '_layout/input.twig' import input_csrf, input_text %}
{% block manage_content %}
<form action="?v=role{{ edit_role is defined ? '&r=' ~ edit_role.role_id : '' }}" method="post"{% if edit_role is defined %} style="{{ edit_role.role_colour|html_colour('--accent-colour') }}"{% endif %}>
{{ 'users_role'|csrf|raw }}
{{ input_csrf('users_role') }}
<div class="container">
{{ container_title(edit_role is defined ? 'Editing ' ~ edit_role.role_name ~ ' (' ~ edit_role.role_id ~ ')' : 'Creating a new role') }}
@ -12,7 +13,7 @@
<label class="form__label">
<div class="form__label__text">Role Name</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_role is defined ? edit_role.role_name : '' }}" name="role[name]" maxlength="255">
{{ input_text('role[name]', '', edit_role.role_name|default(''), 'text', '', true, {'maxlength':255}) }}
</div>
</label>
@ -33,7 +34,7 @@
<label class="form__label">
<div class="form__label__text">Title</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ edit_role is defined ? edit_role.role_title : '' }}" name="role[title]" maxlength="64">
{{ input_text('role[title]', '', edit_role.role_title|default(''), 'text', '', false, {'maxlength':64}) }}
</div>
</label>


@ -1,13 +1,14 @@
{% extends 'manage/users/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from 'manage/macros.twig' import permissions_table %}
{% from '_layout/input.twig' import input_csrf, input_text %}
{% set site_link = '/profile.php?u=' ~ view_user.user_id %}
{% block manage_content %}
{% if can_manage_users %}
<form method="post" enctype="multipart/form-data" action=""{% if view_user is defined %} style="{{ view_user.user_colour|html_colour('--accent-colour') }}"{% endif %}>
{{ 'users_edit'|csrf|raw }}
{{ input_csrf('users_edit') }}
<div class="container">
{{ container_title('Viewing ' ~ view_user.username ~ ' (' ~ view_user.user_id ~ ')') }}
@ -15,56 +16,56 @@
<label class="form__label">
<div class="form__label__text">Username</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ view_user.username }}" name="user[username]" maxlength="16">
{{ input_text('user[username]', '', view_user.username, 'text', '', true, {'maxlength':16}) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">E-mail address</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ view_user.email }}" name="user[email]" maxlength="255">
{{ input_text('user[email]', '', view_user.email, 'text', '', true, {'maxlength':255}) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Title</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ view_user.user_title }}" name="user[title]" maxlength="64">
{{ input_text('user[title]', '', view_user.user_title, 'text', '', false, {'maxlength':64}) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Joined</div>
<div class="form__label__input">
<input class="input__text" readonly type="text" value="{{ view_user.created_at }}">
{{ input_text('', '', view_user.created_at) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Last online</div>
<div class="form__label__input">
<input class="input__text" readonly type="text" value="{{ view_user.last_seen }}">
{{ input_text('', '', view_user.last_seen) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Register IP</div>
<div class="form__label__input">
<input class="input__text" readonly type="text" value="{{ view_user.register_ip_decoded }}">
{{ input_text('', '', view_user.register_ip_decoded) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Last IP</div>
<div class="form__label__input">
<input class="input__text" readonly type="text" value="{{ view_user.last_ip_decoded }}">
{{ input_text('', '', view_user.last_ip_decoded) }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Country</div>
<div class="form__label__input">
<input class="input__text" type="text" value="{{ view_user.user_country }}" name="user[country]" maxlength="2">
{{ input_text('user[country]', '', view_user.user_country, 'text', 'XX', true, {'maxlength':2,'minlength':2}) }}
</div>
</label>
</div>
@ -93,14 +94,14 @@
<label class="form__label">
<div class="form__label__text">New Password</div>
<div class="form__label__input">
<input class="input__text" type="password" name="password[new]">
{{ input_text('password[new]', '', '', 'password') }}
</div>
</label>
<label class="form__label">
<div class="form__label__text">Confirm Password</div>
<div class="form__label__input">
<input class="input__text" type="password" name="password[confirm]">
{{ input_text('password[confirm]', '', '', 'password') }}
</div>
</label>
</div>
@ -156,7 +157,7 @@
{{ container_title('Manage Roles') }}
<div class="container__content">
{{ 'users_edit'|csrf|raw }}
{{ input_csrf('users_edit') }}
<label class="form__label">
<div class="form__label__text">Has Roles</div>
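Review bot: The `password[new]` and `password[confirm]` fields are rendered by `input_text(..., 'password')` with no autocomplete hint, so on this admin form a browser or password manager may fill in the administrator's own saved password while another user's account is being edited. The macro's `attributes` argument can carry the hint: `{{ input_text('password[new]', '', '', 'password', '', false, {'autocomplete':'new-password'}) }}`, and likewise for `password[confirm]`. The new-password fields in the settings template changed by this commit are rendered the same way and would take the same attribute.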


@ -1,5 +1,6 @@
{% extends 'settings/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% if user_has_background %}
{% set site_background_url = '/profile.php?m=background&u=' ~ settings_user_id %}
@ -16,7 +17,7 @@
{{ container_title('Account') }}
<form action="" method="post" class="settings__account">
{{ 'settings'|csrf|raw }}
{{ input_csrf('settings') }}
<div class="settings__account__row">
{% if settings_perms.edit_profile %}
@ -29,7 +30,7 @@
{{ props.name }}
</div>
<div class="settings__account__input__value">
<input type="{{ props.type|default('text') }}" name="profile[{{ name }}]" value="{{ account_info['user_' ~ name] }}" class="input__text settings__account__input__value__text">
{{ input_text('profile[' ~ name ~ ']', 'settings__account__input__value__text', account_info['user_' ~ name], props.type|default('text')) }}
</div>
</label>
{% endfor %}
@ -58,7 +59,7 @@
Current e-mail address
</div>
<div class="settings__account__input__value">
<input type="text" class="input__text input__text--readonly settings__account__input__value__text" readonly value="{{ account_info.email }}">
{{ input_text('', 'settings__account__input__value__text', account_info.email) }}
</div>
</label>
@ -67,7 +68,7 @@
New e-mail Address
</div>
<div class="settings__account__input__value">
<input type="text" name="email[new]" class="input__text settings__account__input__value__text">
{{ input_text('email[new]', 'settings__account__input__value__text') }}
</div>
</label>
@ -76,7 +77,7 @@
Confirmation
</div>
<div class="settings__account__input__value">
<input type="text" name="email[confirm]" class="input__text settings__account__input__value__text">
{{ input_text('email[confirm]', 'settings__account__input__value__text') }}
</div>
</label>
</div>
@ -91,7 +92,7 @@
New Password
</div>
<div class="settings__account__input__value">
<input type="password" name="password[new]" class="input__text settings__account__input__value__text">
{{ input_text('password[new]', 'settings__account__input__value__text', '', 'password') }}
</div>
</label>
@ -100,7 +101,7 @@
Confirmation
</div>
<div class="settings__account__input__value">
<input type="password" name="password[confirm]" class="input__text settings__account__input__value__text">
{{ input_text('password[confirm]', 'settings__account__input__value__text', '', 'password') }}
</div>
</label>
</div>
@ -115,7 +116,7 @@
Current Password
</div>
<div class="settings__account__input__value">
<input type="password" name="current_password" placeholder="only needed for e-mail and password updating" class="input__text settings__account__input__value__text">
{{ input_text('current_password', 'settings__account__input__value__text', '', 'password', 'only needed for e-mail and password updating') }}
</div>
</label>
</div>
@ -138,8 +139,8 @@
{{ container_title('Avatar') }}
<form action="" method="post" class="settings__images" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="{{ background.max_size }}">
{{ 'settings'|csrf|raw }}
{{ input_hidden('MAX_FILE_SIZE', avatar.max_size) }}
{{ input_csrf('settings') }}
<div class="settings__images__sections">
<div class="settings__images__requirements">
@ -210,8 +211,8 @@
{{ container_title('Background') }}
<form action="" method="post" class="settings__images" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="{{ background.max_size }}">
{{ 'settings'|csrf|raw }}
{{ input_hidden('MAX_FILE_SIZE', background.max_size) }}
{{ input_csrf('settings') }}
<div class="settings__images__sections">
<div class="settings__images__requirements">
@ -295,7 +296,7 @@
{{ container_title('About') }}
<form method="post" action="" enctype="multipart/form-data" class="settings__about">
{{ 'settings'|csrf|raw }}
{{ input_csrf('settings') }}
<textarea name="about[text]" class="input__textarea settings__about__text" id="about-textarea">{{ account_info.user_about_content|escape }}</textarea>
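Review bot: The avatar form's hidden `MAX_FILE_SIZE` now takes `avatar.max_size` where the markup it replaces used `background.max_size`, which is a behaviour change beyond the macro substitution the commit title describes and deserves its own line in the commit message. `MAX_FILE_SIZE` is a field the client submits, so its value can be altered before the upload is sent; the limit has to be enforced again by the upload handler, which is not part of this section. A template comment next to both hidden fields, for example `{# advisory only; the upload handler enforces the real limit #}`, would keep that distinction visible.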


@ -1,5 +1,6 @@
{% extends 'settings/master.twig' %}
{% from 'macros.twig' import pagination, container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf %}
{% set spagination = pagination(sessions_count, sessions_take, sessions_offset, '?m=sessions') %}
@ -13,7 +14,7 @@
</div>
<form class="settings__sessions__actions" method="post" action="?m=sessions">
{{ 'settings'|csrf|raw }}
{{ input_csrf('settings') }}
<button class="input__button" name="session_action" value="kill-all">
Kill all active sessions
@ -66,8 +67,8 @@
{% endif %}
<form class="settings__sessions__column settings__sessions__column--options" method="post" action="?m=sessions">
<input type="hidden" name="session" value="{{ session.session_id }}">
{{ 'settings'|csrf|raw }}
{{ input_hidden('session', session.session_id) }}
{{ input_csrf('settings') }}
<button class="input__button settings__sessions__button">
{{ session.session_id == active_session_id ? 'Logout' : 'Kill' }}


@ -1,5 +1,6 @@
{% extends 'user/master.twig' %}
{% from 'macros.twig' import container_title %}
{% from '_layout/input.twig' import input_hidden, input_csrf, input_text %}
{% set image = '/profile.php?u=' ~ profile.user_id ~ '&m=avatar' %}
{% set canonical_url = '/profile.php?u=' ~ profile.user_id %}
@ -42,8 +43,8 @@
{% block content %}
{% if is_editing %}
<form class="profile" method="post" action="/settings.php" enctype="multipart/form-data">
<input type="hidden" name="user" value="{{ profile.user_id }}">
{{ 'settings'|csrf|raw }}
{{ input_hidden('user', profile.user_id) }}
{{ input_csrf('settings') }}
{% if perms.edit_avatar %}
<input class="settings__avatar__input"
@ -130,7 +131,7 @@
</div>
{% if is_editing %}
<input type="{{ data.type|default('text') }}" name="profile[{{ name }}]" value="{{ profile['user_' ~ name] }}" class="input__text profile__accounts__input">
{{ input_text('profile[' ~ name ~ ']', 'profile__accounts__input', profile['user_' ~ name], data.type|default('text')) }}
{% else %}
<div class="profile__accounts__value"
{% if data.tooltip is defined %}title="{{ data.tooltip|format(data.value)|raw }}"{% endif %}>