From 7970b175747d08da2193cb5a84c85124d58a17b4 Mon Sep 17 00:00:00 2001
From: justcool393
Date: Wed, 2 Nov 2022 20:46:51 -0500
Subject: [PATCH] caching: fix CSRF this removes the ability to do a GET to dump the internal cache but i've added a button to the admin panel that makes it so you can do it
---
 files/routes/admin.py | 2 +-
 files/templates/admin/admin_home.html | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/files/routes/admin.py b/files/routes/admin.py
index b8cf14297..5637dfaea 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -1531,7 +1531,7 @@ def admin_distinguish_comment(c_id, v):
 if comment.distinguish_level: return {"message": "Comment distinguished!"}
 else: return {"message": "Comment undistinguished!"}
-@app.get("/admin/dump_cache")
+@app.post("/admin/dump_cache")
 @limiter.exempt
 @admin_level_required(2)
 def admin_dump_cache(v):
diff --git a/files/templates/admin/admin_home.html b/files/templates/admin/admin_home.html
index 17901e7be..22c71a730 100644
--- a/files/templates/admin/admin_home.html
+++ b/files/templates/admin/admin_home.html
@@ -110,7 +110,8 @@ - + + {% endif %} {% endblock %}
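Review bot: Switching the route to `@app.post("/admin/dump_cache")` stops the cache dump from being triggered by a link or image load, but it only closes the CSRF hole if POST requests reaching `admin_dump_cache` have an anti-CSRF token validated, and no such check is visible in this hunk. Presumably `admin_level_required` or a global request hook does it; please confirm, and record the dependency above the decorator, e.g. `# POST only: state-changing; relies on the CSRF token check applied to admin POST routes`. The route also keeps `@limiter.exempt`, so a state-changing admin action stays outside rate limiting; consider dropping the exemption unless something depends on it. The body of `admin_dump_cache` lies outside the hunk, and the button markup in the `admin_home.html` hunk is not legible on this page, so whether the new form submits the token cannot be checked from here.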