drinks-manager/application/app/templates/userPanel.html
W13R 9f270c12b4 Profile pictures are now handled by the application to mitigate possible directory traversals
to other sub-directories of the static directory (Admins/Staff with the right to edit user
accounts were able to set a path like ../static/favicon.png for the profile picture. This
isn't an "I'm in, now I have root access and can hack your mom" vulnerability, but better fix
it before it evolves into one. Or a dragon. It's too late for this crap.)
2022-11-02 22:53:04 +01:00

{% load i18n %}
{% load static %}
<div class="userPanel">
<div class="userInfo">
<img src="{{ '/profilepictures?name='|add:user.profile_picture_filename }}">
<span>
{% if user.first_name != "" %}
{% translate "User" %}: {{ user.first_name }} {{ user.last_name }} ({{ user.username }})
{% else %}
{% translate "User" %}: {{ user.username }}
{% endif %}
&nbsp;-&nbsp;
{% if user.balance < 0.01 %}
<span class="userBalanceWarn">{% translate "Balance" %}: {{ user.balance }}{{ currency_suffix }}</span>
{% else %}
<span>{% translate "Balance" %}: {{ user.balance }}{{ currency_suffix }}</span>
{% endif %}
</span>
</div>
<div class="horizontalButtonList">
<a class="button" id="navBarBtnHome" href="/">Home</a>
<a class="button" id="navBarBtnDeposit" href="/deposit">{% translate "Deposit" %}</a>
<a class="button" href="/accounts/logout">{% translate "Logout" %}</a>
<div class="dropDownMenu" id="dropDownMenu">
<button class="dropDownButton" id="dropDownMenuButton">
<div>{% translate "Account" %}</div>
</button>
<div class="dropDownList">
<a class="button dropDownChoice" id="navBarBtnHistory" href="/history">{% translate "History" %}</a>
<a class="button dropDownChoice" id="navBarBtnStatistics" href="/statistics">{% translate "Statistics" %}</a>
{% if user.is_superuser or user.is_staff %}
<a class="button dropDownChoice" href="/admin/">Admin Panel</a>
{% endif %}
{% if user.is_superuser or user.allowed_to_supply %}
<a class="button dropDownChoice" href="/supply/">{% translate "Supply" %}</a>
{% endif %}
<a class="button dropDownChoice" href="/accounts/password_change/">{% translate "Change Password" %}</a>
</div>
</div>
</div>
</div>
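The commit message above moves profile picture delivery behind an application endpoint (the template now requests `/profilepictures?name=...` instead of a raw static path). The following is an added illustration, not code from drinks-manager, of how such an endpoint can validate the `name` parameter so that values like `../static/favicon.png` never reach the filesystem. The directory path and allowed extensions are assumptions, and the Django view that would wrap this with `FileResponse` is omitted so the function runs stand-alone.

```python
from pathlib import Path
from typing import Optional

# Assumed location of stored profile pictures (placeholder, not the project's path).
PROFILE_PICTURE_DIR = Path("/srv/drinks-manager/profilepictures")
# Assumed whitelist of image extensions the endpoint is willing to serve.
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif"}


def resolve_profile_picture(name: str, base_dir: Path = PROFILE_PICTURE_DIR) -> Optional[Path]:
    """Map a user-supplied ?name= value to a file inside base_dir.

    Returns the resolved path, or None when the value is empty, contains a
    path separator or NUL byte, is a dot entry, has an unexpected extension,
    or would resolve to anything outside base_dir. A view would answer 404
    for None and otherwise stream the file.
    """
    if not name or "\x00" in name:
        return None
    # Only bare filenames are acceptable: no '/', no '\\' (Windows), no '.' / '..'.
    if "/" in name or "\\" in name or name in {".", ".."}:
        return None
    if Path(name).name != name:
        return None
    if Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    # Containment check: resolve symlinks and '..' and confirm the parent is base_dir.
    base = base_dir.resolve()
    candidate = (base / name).resolve()
    if candidate.parent != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: the first is a legitimate upload name, the
    # rest are the kinds of values the commit message says were previously accepted.
    for value in ["alice.png", "../static/favicon.png", "..", "alice.txt", "a\\b.png"]:
        print(repr(value), "->", resolve_profile_picture(value))
```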