CSRF validation for mod/admin actions

swaggboi 2024-08-15 21:25:12 -04:00
parent 69cd01361b
commit c5098263b3


@ -160,8 +160,15 @@ sub create($self) {
$v->required('name' )->size(1, 64); $v->required('name' )->size(1, 64);
$v->required('email' )->size(6, 320); $v->required('email' )->size(6, 320);
$v->required('password')->size(12, undef); $v->required('password')->size(12, undef);
$v->csrf_protect;
if ($v->has_error) { if ($v->has_error('csrf_token')) {
$self->stash(
status => 403,
error => 'Something went wrong, please try again. 🥺'
)
}
elsif ($v->has_error) {
$self->stash(status => 400) $self->stash(status => 400)
} }
else { else {
@ -185,8 +192,15 @@ sub admin_reset($self) {
if ($v && $v->has_data) { if ($v && $v->has_data) {
$v->required('email' )->size(6, 320); $v->required('email' )->size(6, 320);
$v->required('password')->size(12, undef); $v->required('password')->size(12, undef);
$v->csrf_protect;
if ($v->has_error) { if ($v->has_error('csrf_token')) {
$self->stash(
status => 403,
error => 'Something went wrong, please try again. 🥺'
)
}
elsif ($v->has_error) {
$self->stash(status => 400) $self->stash(status => 400)
} }
else { else {
@ -208,8 +222,15 @@ sub mod_reset($self) {
if ($v && $v->has_data) { if ($v && $v->has_data) {
$v->required('password')->size(12, undef); $v->required('password')->size(12, undef);
$v->csrf_protect;
if ($v->has_error) { if ($v->has_error('csrf_token')) {
$self->stash(
status => 403,
error => 'Something went wrong, please try again. 🥺'
)
}
elsif ($v->has_error) {
$self->stash(status => 400) $self->stash(status => 400)
} }
else { else {
@ -233,8 +254,15 @@ sub lock_acct($self) {
if ($v && $v->has_data) { if ($v && $v->has_data) {
$v->required('email')->size(6, 320); $v->required('email')->size(6, 320);
$v->csrf_protect;
if ($v->has_error) { if ($v->has_error('csrf_token')) {
$self->stash(
status => 403,
error => 'Something went wrong, please try again. 🥺'
)
}
elsif ($v->has_error) {
$self->stash(status => 400) $self->stash(status => 400)
} }
else { else {
@ -255,8 +283,15 @@ sub unlock_acct($self) {
if ($v && $v->has_data) { if ($v && $v->has_data) {
$v->required('email')->size(6, 320); $v->required('email')->size(6, 320);
$v->csrf_protect;
if ($v->has_error) { if ($v->has_error('csrf_token')) {
$self->stash(
status => 403,
error => 'Something went wrong, please try again. 🥺'
)
}
elsif ($v->has_error) {
$self->stash(status => 400) $self->stash(status => 400)
} }
else { else {
@ -277,8 +312,15 @@ sub promote($self) {
if ($v && $v->has_data) { if ($v && $v->has_data) {
$v->required('email')->size(6, 320); $v->required('email')->size(6, 320);
$v->csrf_protect;
if ($v->has_error) { if ($v->has_error('csrf_token')) {
$self->stash(
status => 403,
error => 'Something went wrong, please try again. 🥺'
)
}
elsif ($v->has_error) {
$self->stash(status => 400) $self->stash(status => 400)
} }
else { else {
@ -299,8 +341,15 @@ sub demote($self) {
if ($v && $v->has_data) { if ($v && $v->has_data) {
$v->required('email')->size(6, 320); $v->required('email')->size(6, 320);
$v->csrf_protect;
if ($v->has_error) { if ($v->has_error('csrf_token')) {
$self->stash(
status => 403,
error => 'Something went wrong, please try again. 🥺'
)
}
elsif ($v->has_error) {
$self->stash(status => 400) $self->stash(status => 400)
} }
else { else {
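Review bot: The seven-line CSRF branch is pasted identically into create, admin_reset, mod_reset, lock_acct, unlock_acct, promote and demote, so the check on these privileged actions can drift the next time one copy is edited or a new action is added without it. Moving `csrf_protect` and the two error branches into one private helper keeps the 403/400 behaviour in a single place, and each action then opens its success path with `unless ($self->_form_rejected($v)) {`. The helper is also a natural place to log the rejection, since a failed token on a mod/admin route is worth seeing in the logs; the sketch below logs the route name rather than any request data. Each action's body starts and ends outside the hunks shown, so how the stashed status reaches the response is assumed unchanged.

```perl
# Runs the CSRF check plus the field checks already registered on $v.
# Returns true (with status/error stashed) when the form must be rejected.
sub _form_rejected($self, $v) {
    $v->csrf_protect;

    if ($v->has_error('csrf_token')) {
        # Route name only: nothing from the request is written to the log
        $self->app->log->warn(
            'CSRF token check failed on route ' . $self->current_route);
        $self->stash(
            status => 403,
            error  => 'Something went wrong, please try again. 🥺'
        );
        return 1;
    }

    if ($v->has_error) {
        $self->stash(status => 400);
        return 1;
    }

    return 0;
}

# … unchanged: the $v->required(...) field checks in each action …
unless ($self->_form_rejected($v)) {
    # … unchanged: the existing else-branch body of the action …
```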