diff --git a/src/mibew/libs/classes/Mibew/Controller/AbstractController.php b/src/mibew/libs/classes/Mibew/Controller/AbstractController.php
index a5e242ac..158817bf 100644
--- a/src/mibew/libs/classes/Mibew/Controller/AbstractController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/AbstractController.php
@@ -24,6 +24,7 @@ use Mibew\Asset\AssetUrlGeneratorInterface;
 use Mibew\Authentication\AuthenticationManagerAwareInterface;
 use Mibew\Authentication\AuthenticationManagerInterface;
 use Mibew\Handlebars\HandlebarsAwareInterface;
+use Mibew\Handlebars\Helper\CsrfProtectedRouteHelper;
 use Mibew\Handlebars\Helper\RouteHelper;
 use Mibew\Routing\RouterAwareInterface;
 use Mibew\Routing\RouterInterface;
@@ -69,8 +70,12 @@ abstract class AbstractController implements
 // Update router in the style helpers
 if (!is_null($this->style) && $this->style instanceof HandlebarsAwareInterface) {
- if ($this->style->getHandlebars()->hasHelper('route')) {
- $this->style->getHandlebars()->getHelper('route')->setRouter($router);
+ $handlebars = $this->style->getHandlebars();
+ if ($handlebars->hasHelper('route')) {
+ $handlebars->getHelper('route')->setRouter($router);
+ }
+ if ($handlebars->hasHelper('csrfProtectedRoute')) {
+ $handlebars->getHelper('csrfProtectedRoute')->setRouter($router);
 }
 }
 }
@@ -233,6 +238,10 @@ abstract class AbstractController implements
 'route',
 new RouteHelper($this->getRouter())
 );
+ $style->getHandlebars()->addHelper(
+ 'csrfProtectedRoute',
+ new CsrfProtectedRouteHelper($this->getRouter())
+ );
 }
 return $style;
diff --git a/src/mibew/libs/classes/Mibew/Handlebars/Helper/CsrfProtectedRouteHelper.php b/src/mibew/libs/classes/Mibew/Handlebars/Helper/CsrfProtectedRouteHelper.php
new file mode 100644
index 00000000..f51304e6
--- /dev/null
+++ b/src/mibew/libs/classes/Mibew/Handlebars/Helper/CsrfProtectedRouteHelper.php
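Review bot: In the setRouter hunk (`@@ -69,8 +70,12 @@`) the two `hasHelper`/`getHelper(...)->setRouter($router)` blocks repeat the same three lines per helper, and the helper name `'csrfProtectedRoute'` is spelled out once more in the registration hunk (`@@ -233,6 +238,10 @@`), so a third router-aware helper means editing both places again. Iterating over one list of helper names keeps the router update compact, and a class constant for the name would tie the two hunks together. The enclosing setRouter method begins before the hunk; only its tail is visible here.
```php
 $handlebars = $this->style->getHandlebars();
 foreach (array('route', 'csrfProtectedRoute') as $helper_name) {
     if ($handlebars->hasHelper($helper_name)) {
         $handlebars->getHelper($helper_name)->setRouter($router);
     }
 }
 // … unchanged: closing braces of the guard and the method …
```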
@@ -0,0 +1,61 @@
+ + * {{csrfProtectedRoute "hello" to="world"}} + * + * The code above generates URL for route named "hello" and pass parameter + "to" equals to "world" to URL generator. CSRF token will be included to + the parmeters list. + */
+class CsrfProtectedRouteHelper extends RouteHelper
+{
+ /**
+ * {@inheritdoc}
+ *
+ * @todo Use combined arguments parser when it will be implemented in
+ * Handlebars.php.
+ */
+ public function execute(Template $template, Context $context, $args, $source)
+ {
+ $named_args = $template->parseNamedArguments($args);
+ $positional_args = $template->parseArguments($args);
+ $route_name = (string)$context->get($positional_args[0]);
+
+ $parameters = array();
+ foreach ($named_args as $name => $parsed_arg) {
+ $parameters[$name] = $context->get($parsed_arg);
+ }
+
+ $parameters['csrf_token'] = get_csrf_token();
+
+ return $this->getRouter()->generate($route_name, $parameters);
+ }
+}
diff --git a/src/mibew/libs/classes/Mibew/Handlebars/Helper/CsrfTokenInUrlHelper.php b/src/mibew/libs/classes/Mibew/Handlebars/Helper/CsrfTokenInUrlHelper.php
deleted file mode 100644
index e1a589c0..00000000
--- a/src/mibew/libs/classes/Mibew/Handlebars/Helper/CsrfTokenInUrlHelper.php
+++ /dev/null
@@ -1,44 +0,0 @@
- - * {{csrfTokenInUrl}} - * - */
-class CsrfTokenInUrlHelper implements HelperInterface
-{
- /**
- * {@inheritdoc}
- */
- public function execute(Template $template, Context $context, $args, $source)
- {
- return new SafeString(get_csrf_token_in_url());
- }
-}
diff --git a/src/mibew/libs/classes/Mibew/Handlebars/HelpersSet.php b/src/mibew/libs/classes/Mibew/Handlebars/HelpersSet.php
index f6b46dde..d2f79a92 100644
--- a/src/mibew/libs/classes/Mibew/Handlebars/HelpersSet.php
+++ b/src/mibew/libs/classes/Mibew/Handlebars/HelpersSet.php
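Review bot: `execute()` in the new CsrfProtectedRouteHelper reads `$positional_args[0]` without checking that a route name was given, so a `{{csrfProtectedRoute}}` tag with no arguments hits an undefined index and hands whatever `$context->get()` returns for it to the router; a guard such as `if (empty($positional_args)) { throw new \InvalidArgumentException('csrfProtectedRoute: route name is required'); }` fails at the template instead. The line `$parameters['csrf_token'] = get_csrf_token();` also silently overwrites a `csrf_token=` named argument supplied by the template, which deserves a one-line comment saying the helper owns that parameter. Because the token is emitted into a GET URL, it stays exposed through Referer headers, browser history and access logs exactly as with the removed csrfTokenInUrl helper; recording that trade-off in the class docblock (which also misspells "parameters" as "parmeters") helps whoever later moves these actions to POST forms.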
@@ -60,7 +60,6 @@ class HelpersSet
 'formatDateDiff' => (new Helper\FormatDateDiffHelper()),
 'cutString' => (new Helper\CutStringHelper()),
 'csrfTokenInput' => (new Helper\CsrfTokenInputHelper()),
- 'csrfTokenInUrl' => (new Helper\CsrfTokenInUrlHelper()),
 );
 }
diff --git a/src/mibew/libs/common/csrf.php b/src/mibew/libs/common/csrf.php
index bd36456a..02f4946f 100644
--- a/src/mibew/libs/common/csrf.php
+++ b/src/mibew/libs/common/csrf.php
@@ -50,11 +50,11 @@ function get_csrf_token_input()
 return '';
 }
-function get_csrf_token_in_url()
+function get_csrf_token()
 {
 set_csrf_token();
- return "csrf_token=" . $_SESSION['csrf_token'];
+ return $_SESSION['csrf_token'];
 }
 /* set csrf token */
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/bans.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/bans.handlebars
index 71a291b7..03de10f7 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/bans.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/bans.handlebars
@@ -56,7 +56,7 @@ {{cutString comment "30"}} - + {{l10n "remove"}} , {{l10n "edit"}}, - {{l10n "remove"}} + {{l10n "remove"}} {{else}}
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/groups.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/groups.handlebars
index 30e69b66..30dbba3e 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/groups.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/groups.handlebars
@@ -125,7 +125,7 @@ {{#if ../canmodify}} - + {{l10n "remove"}}
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/locales.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/locales.handlebars
index e4a6ca6a..474dfd65 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/locales.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/locales.handlebars
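Review bot: The renamed `get_csrf_token()` in the csrf.php hunk has no docblock, and its contract changed along with the name — it now returns the raw session value rather than a ready-made `csrf_token=...` query fragment — so any caller of `get_csrf_token_in_url()` other than the deleted CsrfTokenInUrlHelper would now fail with an undefined-function error; I cannot see callers outside this diff, so that is worth a grep before merging. A short header such as `/** Returns the CSRF token of the current session; set_csrf_token() is called first, presumably so the session value exists. @return string */` would make the new contract explicit, with the "presumably" checked against set_csrf_token(), which is outside the hunk.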
@@ -51,9 +51,9 @@ {{#if isDisabled}} - {{l10n "enable"}} + {{l10n "enable"}} {{else}} - {{l10n "disable"}} + {{l10n "disable"}} {{/if}}
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/operator_avatar.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/operator_avatar.handlebars
index 03e8d691..06960674 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/operator_avatar.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/operator_avatar.handlebars
@@ -30,7 +30,7 @@
cannot load avatar
{{#if canmodify}} - + {{l10n "Remove avatar"}} {{/if}}
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/operators.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/operators.handlebars
index 1a92613f..5b40efb5 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/operators.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/operators.handlebars
@@ -111,14 +111,14 @@ {{#if ../canmodify}} {{#if isDisabled}} - {{l10n "enable"}} + {{l10n "enable"}} {{else}} - {{l10n "disable"}} + {{l10n "disable"}} {{/if}} - + {{l10n "remove"}}