]> git.openstreetmap.org Git - rails.git/blobdiff - app/views/browse/note.html.erb
Prevent CSRF bypass unblocking users
[rails.git] / app / views / browse / note.html.erb
index d44e0bb3d86e154826cd57882c96c14c75fe1c17..1a792e873952ce3dc98b5d6b7ced79e6f27cdeb2 100644 (file)
 
   <% if @note.status == "open" %>
     <% if current_user -%>
-      <form action="#" class="standard-form">
-        <textarea class="comment" name="text" cols="40" rows="5" maxlength="2000"></textarea>
-        <div class="buttons clearfix">
+      <form action="#">
+        <div class="form-group">
+          <textarea class="form-control" name="text" cols="40" rows="5" maxlength="2000"></textarea>
+        </div>
+        <div>
           <% if current_user.moderator? -%>
-            <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
+            <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="btn btn-light" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
           <% end -%>
-          <input type="submit" name="close" value="<%= t("javascripts.notes.show.resolve") %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, "json") %>">
-          <input type="submit" name="comment" value="<%= t("javascripts.notes.show.comment") %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= comment_note_url(@note, "json") %>" disabled="1">
+          <input type="submit" name="close" value="<%= t("javascripts.notes.show.resolve") %>" class="btn btn-primary" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= close_note_url(@note, "json") %>">
+          <input type="submit" name="comment" value="<%= t("javascripts.notes.show.comment") %>" class="btn btn-primary" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= comment_note_url(@note, "json") %>" disabled="1">
         </div>
       </form>
     <% end -%>
   <% else %>
-    <form action="#" class="standard-form">
+    <form action="#">
       <input type="hidden" name="text" value="">
-      <div class="buttons clearfix">
+      <div>
         <% if current_user and current_user.moderator? -%>
-          <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="deemphasize" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
+          <input type="submit" name="hide" value="<%= t("javascripts.notes.show.hide") %>" class="btn btn-light" data-note-id="<%= @note.id %>" data-method="DELETE" data-url="<%= note_url(@note, "json") %>">
         <% end -%>
         <% if current_user -%>
-          <input type="submit" name="reopen" value="<%= t("javascripts.notes.show.reactivate") %>" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= reopen_note_url(@note, "json") %>">
+          <input type="submit" name="reopen" value="<%= t("javascripts.notes.show.reactivate") %>" class="btn btn-primary" data-note-id="<%= @note.id %>" data-method="POST" data-url="<%= reopen_note_url(@note, "json") %>">
         <% end -%>
       </div>
     </form>