author | ᴜɴᴋɴᴡᴏɴ <u@gogs.io> | 2020-03-21 11:47:42 +0800 |
committer | GitHub <noreply@github.com> | 2020-03-21 11:47:42 +0800 |
commit | 958d8b6bb4c2da66859325695b91d871e567a4fa (patch) | |
tree | a06d14f75c68eb760e7ad18a983aaae29ab51f66 /templates/admin | |
parent | a43fc9ad17d4337dd26b9b8d867470ca8c548b41 (diff) |
admin: use POST to run operations (#5997)
* admin: use POST to run operations
Fixed a CSRF vulnerability reported by Wenxu Wu of Tencent's Xuanwu Lab.
* Update CHANGELOG
Diffstat (limited to 'templates/admin')
-rw-r--r-- | templates/admin/dashboard.tmpl | 72 |
1 files changed, 40 insertions, 32 deletions
diff --git a/templates/admin/dashboard.tmpl b/templates/admin/dashboard.tmpl
index 49bc3609..b8ce439e 100644
--- a/templates/admin/dashboard.tmpl
+++ b/templates/admin/dashboard.tmpl
@@ -42,38 +42,46 @@
 {{.i18n.Tr "admin.dashboard.operations"}}
 </h4>
 <div class="ui unstackable attached table segment">
- <table class="ui unstackable very basic table">
- <tbody>
- <tr>
- <td>{{.i18n.Tr "admin.dashboard.delete_inactivate_accounts"}}</td>
- <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubURL}}/admin?op=1">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
- </tr>
- <tr>
- <td>{{.i18n.Tr "admin.dashboard.delete_repo_archives"}}</td>
- <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubURL}}/admin?op=2">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
- </tr>
- <tr>
- <td>{{.i18n.Tr "admin.dashboard.delete_missing_repos"}}</td>
- <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubURL}}/admin?op=3">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
- </tr>
- <tr>
- <td>{{.i18n.Tr "admin.dashboard.git_gc_repos"}}</td>
- <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubURL}}/admin?op=4">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
- </tr>
- <tr>
- <td>{{.i18n.Tr "admin.dashboard.resync_all_sshkeys"}}</td>
- <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubURL}}/admin?op=5">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
- </tr>
- <tr>
- <td>{{.i18n.Tr "admin.dashboard.resync_all_hooks"}}</td>
- <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubURL}}/admin?op=6">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
- </tr>
- <tr>
- <td>{{.i18n.Tr "admin.dashboard.reinit_missing_repos"}}</td>
- <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubURL}}/admin?op=7">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
- </tr>
- </tbody>
- </table>
+ <form action="{{AppSubURL}}/admin" method="post">
+ <table class="ui unstackable very basic table">
+ <tbody>
+ <tr>
+ <td>
+ {{.CSRFTokenHTML}}
+ <div class="ui fluid selection dropdown">
+ <input type="hidden" name="op">
+ <i class="dropdown icon"></i>
+ <div class="default text">{{.i18n.Tr "admin.dashboard.select_operation_to_run"}}</div>
+ <div class="menu">
+ <div class="item" data-value="1">
+ {{.i18n.Tr "admin.dashboard.delete_inactivate_accounts"}}
+ </div>
+ <div class="item" data-value="2">
+ {{.i18n.Tr "admin.dashboard.delete_repo_archives"}}
+ </div>
+ <div class="item" data-value="3">
+ {{.i18n.Tr "admin.dashboard.delete_missing_repos"}}
+ </div>
+ <div class="item" data-value="4">
+ {{.i18n.Tr "admin.dashboard.git_gc_repos"}}
+ </div>
+ <div class="item" data-value="5">
+ {{.i18n.Tr "admin.dashboard.resync_all_sshkeys"}}
+ </div>
+ <div class="item" data-value="6">
+ {{.i18n.Tr "admin.dashboard.resync_all_hooks"}}
+ </div>
+ <div class="item" data-value="7">
+ {{.i18n.Tr "admin.dashboard.reinit_missing_repos"}}
+ </div>
+ </div>
+ </div>
+ </td>
+ <td><button class="ui button" type="submit">{{.i18n.Tr "admin.dashboard.operation_run"}}</button></td>
+ </tr>
+ </tbody>
+ </table>
+ </form>
 </div>
 <h4 class="ui top attached header">
|
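Review bot: `<input type="hidden" name="op">` starts with no value and is only filled in by the dropdown's script, so the form can be submitted with an empty or client-chosen `op`; the handler behind `POST {{AppSubURL}}/admin` must validate `op` against the seven values listed in this hunk rather than trust the client. Because the diffstat is limited to templates/admin, the handler side is not visible here: the template only closes the CSRF exposure if that route stops accepting `?op=N` on GET and enforces the token that `{{.CSRFTokenHTML}}` emits, which cannot be confirmed from this page. A short template comment above the form, `{{/* operations are POST-only with a CSRF token; do not reintroduce GET ?op=N links */}}`, would record that intent for future maintainers.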