SilverLABS/littleshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix missing CSRF tokens in all delete forms

Browse Source 
- Added @Html.AntiForgeryToken() to Products delete form
- Added @Html.AntiForgeryToken() to Categories delete form
- Added @Html.AntiForgeryToken() to Users delete form
- Added @Html.AntiForgeryToken() to ShippingRates delete form
- Added @Html.AntiForgeryToken() to Product Variations delete form

This fixes the 400 Bad Request errors when trying to delete items
This commit is contained in:
SysAdmin 2025-09-24 18:02:17 +01:00
parent 96125d6042
commit bc708bb0a3
6 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.claude/settings.local.json
View File

@ -30,7 +30,9 @@
"Bash(tasklist)", "Bash(tasklist)",
"Bash(findstr:*)", "Bash(findstr:*)",
"Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)", "Read(//mnt/c/Production/Source/SilverLABS/SilverPAY/**)",
"Bash(git commit:*)" "Bash(git commit:*)",
"Bash(docker build:*)",
"Bash(git fetch:*)"
], ],
"deny": [], "deny": [],
"ask": [] "ask": []

3
LittleShop/Areas/Admin/Views/Categories/Index.cshtml
View File

@ -56,8 +56,9 @@
<a href="@Url.Action("Edit", new { id = category.Id })" class="btn btn-outline-primary"> <a href="@Url.Action("Edit", new { id = category.Id })" class="btn btn-outline-primary">
<i class="fas fa-edit"></i> <i class="fas fa-edit"></i>
</a> </a>
<form method="post" action="@Url.Action("Delete", new { id = category.Id })" class="d-inline" <form method="post" action="@Url.Action("Delete", new { id = category.Id })" class="d-inline"
onsubmit="return confirm('Are you sure you want to delete this category?')"> onsubmit="return confirm('Are you sure you want to delete this category?')">
@Html.AntiForgeryToken()
<button type="submit" class="btn btn-outline-danger"> <button type="submit" class="btn btn-outline-danger">
<i class="fas fa-trash"></i> <i class="fas fa-trash"></i>
</button> </button>

1
LittleShop/Areas/Admin/Views/Products/Index.cshtml
View File

@ -115,6 +115,7 @@
</a> </a>
<form method="post" action="@Url.Action("Delete", new { id = product.Id })" class="d-inline" <form method="post" action="@Url.Action("Delete", new { id = product.Id })" class="d-inline"
onsubmit="return confirm('Are you sure you want to delete this product?')"> onsubmit="return confirm('Are you sure you want to delete this product?')">
@Html.AntiForgeryToken()
<button type="submit" class="btn btn-outline-danger" title="Delete Product"> <button type="submit" class="btn btn-outline-danger" title="Delete Product">
<i class="fas fa-trash"></i> <i class="fas fa-trash"></i>
</button> </button>

1
LittleShop/Areas/Admin/Views/Products/Variations.cshtml
View File

@ -80,6 +80,7 @@
</a> </a>
<form method="post" action="@Url.Action("DeleteVariation", new { id = variation.Id })" class="d-inline" <form method="post" action="@Url.Action("DeleteVariation", new { id = variation.Id })" class="d-inline"
onsubmit="return confirm('Are you sure you want to delete this variation?')"> onsubmit="return confirm('Are you sure you want to delete this variation?')">
@Html.AntiForgeryToken()
<button type="submit" class="btn btn-outline-danger" title="Delete Variation"> <button type="submit" class="btn btn-outline-danger" title="Delete Variation">
<i class="fas fa-trash"></i> <i class="fas fa-trash"></i>
</button> </button>

3
LittleShop/Areas/Admin/Views/ShippingRates/Index.cshtml
View File

@ -62,8 +62,9 @@
<a href="@Url.Action("Edit", new { id = rate.Id })" class="btn btn-outline-primary"> <a href="@Url.Action("Edit", new { id = rate.Id })" class="btn btn-outline-primary">
<i class="fas fa-edit"></i> <i class="fas fa-edit"></i>
</a> </a>
<form method="post" action="@Url.Action("Delete", new { id = rate.Id })" class="d-inline" <form method="post" action="@Url.Action("Delete", new { id = rate.Id })" class="d-inline"
onsubmit="return confirm('Are you sure you want to delete this shipping rate?')"> onsubmit="return confirm('Are you sure you want to delete this shipping rate?')">
@Html.AntiForgeryToken()
<button type="submit" class="btn btn-outline-danger"> <button type="submit" class="btn btn-outline-danger">
<i class="fas fa-trash"></i> <i class="fas fa-trash"></i>
</button> </button>

3
LittleShop/Areas/Admin/Views/Users/Index.cshtml
View File

@ -68,8 +68,9 @@
</a> </a>
@if (user.Username != "admin") @if (user.Username != "admin")
{ {
<form method="post" action="@Url.Action("Delete", new { id = user.Id })" class="d-inline" <form method="post" action="@Url.Action("Delete", new { id = user.Id })" class="d-inline"
onsubmit="return confirm('Are you sure you want to delete this user?')"> onsubmit="return confirm('Are you sure you want to delete this user?')">
@Html.AntiForgeryToken()
<button type="submit" class="btn btn-outline-danger"> <button type="submit" class="btn btn-outline-danger">
<i class="fas fa-trash"></i> <i class="fas fa-trash"></i>
</button> </button>