external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Require password when deleting an account

Browse source 
Further reduce the attack surface in case of a stolen session ID.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2020-01-30 11:52:32 +01:00
parent 7aa420d24d
commit 8fc8898fef
2 changed files with 22 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
web/template/account_delete.php
View file

@ -12,8 +12,15 @@
<input type="hidden" name="token" value="<?= htmlspecialchars($_COOKIE['AURSID']) ?>" />
</fieldset>
<fieldset>
<p><label class="confirmation"><input type="checkbox" name="confirm" value="1" />
<?= __("Confirm deletion") ?></label></p>
<p>
<label for="id_passwd"><?= __("Password") ?>:</label>
<input type="password" size="30" name="passwd" id="id_passwd" value="" />
</p>
<p>
<label class="confirmation"><input type="checkbox" name="confirm" value="1" />
<?= __("Confirm deletion") ?></label>
</p>
<p>
<input type="submit" class="button" value="<?= __("Delete") ?>" />