mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2024-11-23 03:51:00 +00:00
d8ca1d70b7
GET routes are not protected against CSRF. This commit changes the needed URLs to POST and replace simple links with forms. Thanks @fdb-hiroshima for noticing it!
44 lines
1.3 KiB
Text
44 lines
1.3 KiB
Text
<div class="user">
|
|
<div class="flex wrap">
|
|
{{ macros::avatar(user=user, size="medium") }}
|
|
|
|
<h1 class="grow flex vertical">
|
|
{{ user.name }}
|
|
<small>@{{ user.fqn }}</small>
|
|
</h1>
|
|
|
|
<p>
|
|
{% if user.is_admin %}
|
|
<span class="badge">{{ "Admin" | _ }}</span>
|
|
{% endif %}
|
|
|
|
{% if is_self %}
|
|
<span class="badge">{{ "It is you" | _ }}</span>
|
|
{% endif %}
|
|
|
|
{% if is_self %}
|
|
<a href="/@/{{ user.username }}/edit" class="button inline-block">{{ "Edit your profile" | _ }}</a>
|
|
{% endif %}
|
|
</p>
|
|
</div>
|
|
|
|
{% if is_remote %}
|
|
<a class="inline-block" href="{{ user.ap_url }}" target="_blank">{{ "Open on {{ instance_url }}" | _(instance_url=instance_url) }}</a>
|
|
{% endif %}
|
|
|
|
{% set not_self = not is_self %}
|
|
{% if not_self and (account is defined) %}
|
|
<form class="inline" method="post" action="/@/{{ user.fqn }}/follow/">
|
|
{% if follows %}
|
|
<input type="submit" value="{{ 'Unfollow' | _ }}">
|
|
{% else %}
|
|
<input type="submit" value="{{ 'Follow' | _ }}">
|
|
{% endif %}
|
|
</form>
|
|
{% endif %}
|
|
</div>
|
|
|
|
|
|
<div class="user-summary">
|
|
{{ user.summary | safe }}
|
|
</div>
|