mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2024-12-02 16:26:38 +00:00
d8ca1d70b7
GET routes are not protected against CSRF. This commit changes the needed URLs to POST and replace simple links with forms. Thanks @fdb-hiroshima for noticing it!
35 lines
1.1 KiB
Text
35 lines
1.1 KiB
Text
{% extends "base" %}
|
|
{% import "macros" as macros %}
|
|
|
|
{% block title %}
|
|
{{ "Media details" | _ }}
|
|
{% endblock title %}
|
|
|
|
{% block content %}
|
|
<h1>{{ "Media details" }}</h1>
|
|
<section>
|
|
<a href="/medias">{{ "Go back to the gallery" | _ }}</a>
|
|
</section>
|
|
|
|
<section>
|
|
<figure class="media">
|
|
{{ media.html | safe }}
|
|
<figcaption>{{ media.alt_text }}</figcaption>
|
|
</figure>
|
|
<div>
|
|
<p>
|
|
{{ "Markdown code" | _ }}
|
|
<small>{{ "Copy it in your articles to insert this media." }}</small>
|
|
</p>
|
|
<code>{{ media.md }}</code>
|
|
</div>
|
|
<div>
|
|
<form class="inline" method="post" action="/medias/{{ media.id }}/avatar">
|
|
<input class="button" type="submit" value="{{ 'Use as avatar' | _ }}">
|
|
</form>
|
|
<form class="inline" method="post" action="/medias/{{ media.id }}/delete">
|
|
<input class="button" type="submit" value="{{ 'Delete' | _ }}">
|
|
</form>
|
|
</div>
|
|
</section>
|
|
{% endblock content %}
|