mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2024-11-27 05:51:02 +00:00
d8ca1d70b7
GET routes are not protected against CSRF. This commit changes the needed URLs to POST and replace simple links with forms. Thanks @fdb-hiroshima for noticing it!
33 lines
1.2 KiB
Text
33 lines
1.2 KiB
Text
{% extends "base" %}
|
|
{% import "macros" as macros %}
|
|
|
|
{% block title %}
|
|
{{ "Administration of {{ instance.name }}" | _(instance=instance) }}
|
|
{% endblock title %}
|
|
|
|
{% block content %}
|
|
<h1>{{ "Instances" | _ }}</h1>
|
|
|
|
{{ macros::tabs(links=['/admin', '/admin/instances', '/admin/users'], titles=['Configuration', 'Instances', 'Users'], selected=2) }}
|
|
|
|
<div class="list">
|
|
{% for instance in instances %}
|
|
<div class="flex">
|
|
<p class="grow">
|
|
<a href="https://{{ instance.public_domain }}">{{ instance.name }}</a>
|
|
<small>{{ instance.public_domain }}</small>
|
|
</p>
|
|
{% if not instance.local %}
|
|
<form class="inline" method="post" action="/admin/instances/{{ instance.id }}/block">
|
|
{% if instance.blocked %}
|
|
<input type="submit" value="{{ 'Unblock' | _ }}">
|
|
{% else %}
|
|
<input type="submit" value="{{ 'Block' | _ }}">
|
|
{% endif %}
|
|
</form>
|
|
{% endif %}
|
|
</div>
|
|
{% endfor %}
|
|
</div>
|
|
{{ macros::paginate(page=page, total=n_pages) }}
|
|
{% endblock content %}
|