lucas.mathieu/cachet-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sign internal redirects and routes for subscribe.manage

Browse Source
This commit is contained in:
Craig Ballinger
2019-10-18 09:05:06 -04:00
parent d7fd5be807
commit 9718239817
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/SubscribeController.php
View File

@@ -208,13 +208,13 @@ class SubscribeController extends Controller
try {
execute(new UpdateSubscriberSubscriptionCommand($subscriber, Binput::get('subscriptions')));
} catch (ValidationException $e) {
return cachet_redirect('subscribe.manage', $subscriber->verify_code)
return redirect()->to(URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $subscriber->verify_code]))
->withInput(Binput::all())
->withTitle(sprintf('%s %s', trans('dashboard.notifications.whoops'), trans('cachet.subscriber.email.failure')))
->withErrors($e->getMessageBag());
}
return cachet_redirect('subscribe.manage', $subscriber->verify_code)
return redirect()->to(URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $subscriber->verify_code]))
->withSuccess(sprintf('%s %s', trans('dashboard.notifications.awesome'), trans('cachet.subscriber.email.updated-subscribe')));
}
}

2
resources/views/dashboard/subscribers/index.blade.php
View File

@@ -47,7 +47,7 @@
@endif
</div>
<div class="col-xs-3 text-right">
<a href="{{ cachet_route('subscribe.manage', $subscriber->verify_code) }}" target="_blank" class="btn btn-success">{{ trans('forms.edit') }}</a>
<a href="{{ URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $subscriber->verify_code]) }}" target="_blank" class="btn btn-success">{{ trans('forms.edit') }}</a>
<a href="{{ cachet_route('dashboard.subscribers.delete', [$subscriber->id], 'delete') }}" class="btn btn-danger confirm-action" data-method='DELETE'>{{ trans('forms.delete') }}</a>
</div>
</div>

2
resources/views/subscribe/manage.blade.php
View File

@@ -16,7 +16,7 @@
<h1>{{ $appName }} {{ trans('cachet.subscriber.manage.notifications') }}</h1>
<p>{{ trans('cachet.subscriber.manage.notifications_for') }} <strong>{{ $subscriber->email }}</strong></p>
</div>
<form action="{{ cachet_route('subscribe.manage', [$subscriber->verify_code], 'post') }}" method="post">
<form action="{{ URL::signedRoute(cachet_route_generator('subscribe.manage'), ['code' => $subscriber->verify_code]) }}" method="post">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
@if($componentGroups->isNotEmpty() || $ungroupedComponents->isNotEmpty())
@foreach($componentGroups as $componentGroup)