kallithea Files · docs/theme/nature/layout.html

Files @ 1346754f1852

Branch filter:

Location: kallithea/docs/theme/nature/layout.html

1346754f1852 1.0 KiB text/html Show Annotation Show as Raw Download as Raw

Mads Kiilerich

forms: don't use secure forms with authentication token for GET requests

The token is secret and should never be used in forms posted with GET which are
URL encoded. aef21d16a262 was too aggresive in using secure forms everywhere
and did thus also incorrectly use them for forms posted with GET.

Some token leakage was reported by Gjoko Krstic <gjoko@zeroscience.mk> of Zero
Science Lab.

{% extends "basic/layout.html" %}

{% block sidebarlogo %}
<div style="text-align:center;margin:30px 0;">
  <img src="{{pathto('_static/kallithea-logo.svg',1)}}" width="200px"/>
</div>
<h3>Support Kallithea development</h3>
<div style="text-align:center">
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="EYXFS3SQPHYUL">
<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal &ndash; The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
    <div style="padding:5px">
     <a href="https://flattr.com/thing/922714/Donate-to-Software-Freedom-Conservancy" target="_blank">
     <img src="http://api.flattr.com/button/flattr-badge-large.png" alt="Flattr this" title="Flattr this" border="0" /></a>
    </div>
</div>
{% endblock %}}