Commit 482ba5ac authored by John 'Warthog9' Hawley's avatar John 'Warthog9' Hawley Committed by Jeremy Kerr

templates: Add CSRF (cross-site request forgery) values to form posts



This is a fairly simple patch; basically, it does what the error message
told me to do:
"In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL."
Signed-off-by: default avatarJohn 'Warthog9' Hawley <warthog9@kernel.org>
parent 6f024270
......@@ -26,6 +26,7 @@ project.</p>
<form method="post">
{% csrf_token %}
<input type="hidden" name="form" value="bundle"/>
<table class="form">
......
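Review bot: The `{% csrf_token %}` added here, and in every other form this commit touches, only renders a hidden input when the view hands the template a request-aware context; with a plain `Context` the tag expands to nothing and the POST is still rejected. No view or settings change is visible on this page, so it is worth confirming that each view rendering these templates passes `context_instance=RequestContext(request)` and that `django.middleware.csrf.CsrfViewMiddleware` is enabled. Because the tag is added by hand per form, a search for `method="post"` across the templates would catch any form this commit missed. The form body continues outside the hunk.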
......@@ -33,6 +33,7 @@
<td style="text-align: center;">
<form method="post"
onsubmit="return confirm_delete('bundle', '{{bundle.name|escapejs}}');">
{% csrf_token %}
{{ bundle.delete_form.as_p }}
<input type="image"
src="/images/16-em-cross.png" width="16" height="16" alt="delete"
......
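Review bot: This delete form still depends on an inline `onsubmit` handler that places `{{bundle.name|escapejs}}` inside a JavaScript string inside an HTML attribute, so a single filter is asked to cover two nested contexts. That line is unchanged context here, but since the form is being touched it would be cleaner to carry the name as `data-bundle-name="{{ bundle.name }}"` under normal autoescaping and bind the confirmation from a script file, which would also let a Content-Security-Policy forbid inline handlers. The confirmation is only a client-side prompt; the CSRF token and whatever permission check the view performs are what actually protect the delete. The form continues past the end of the hunk.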
......@@ -32,6 +32,7 @@
<td>
<form action="{% url patchwork.views.patch patch=patch.id %}"
method="post">
{% csrf_token %}
<input type="hidden" name="action" value="act"/>
<input type="submit" value="Ack"/>
</form>
......@@ -44,6 +45,7 @@
<span class="errors">{{createbundleform.errors}}</span>
{% endif %}
<form method="post">
{% csrf_token %}
<input type="hidden" name="action" value="createbundle"/>
{{ createbundleform.name }}
<input value="Create" type="submit"/>
......@@ -55,6 +57,7 @@
<td>Add to bundle:</td>
<td>
<form action="{% url patchwork.views.bundle.setbundle %}" method="post">
{% csrf_token %}
<input type="hidden" name="action" value="add"/>
<input type="hidden" name="patch_id" value="{{ patch.id }}"/>
<select name="name"/>
......@@ -71,6 +74,7 @@
<td>Archive:</td>
<td>
<form method="post">
{% csrf_token %}
<input type="hidden" name="action" value="archive"/>
<input type="submit" value="Archive"/>
</form>
......
......@@ -12,6 +12,7 @@
{% if order.editable %}
<td class="patchlistreorder">
<form method="post" id="reorderform">
{% csrf_token %}
<input type="hidden" name="form" value="reorderform"/>
<input type="hidden" name="order_start" value="0"/>
<span id="reorderhelp"></span>
......@@ -33,6 +34,7 @@
{% endif %}
<form method="post">
{% csrf_token %}
<input type="hidden" name="form" value="patchlistform"/>
<input type="hidden" name="project" value="{{project.id}}"/>
<table class="patchlist" id="patchlist">
......
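Review bot: The token in `reorderform` is only sent when the browser submits the form natively. The `id` and the empty `reorderhelp` span suggest this form is driven by script; if any of that script builds its own request rather than submitting the form, it needs to include the `csrfmiddlewaretoken` field (or the `X-CSRFToken` header) as well, or reordering will fail with a 403. The script is not visible on this page, so this is something to verify rather than a confirmed defect.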
......@@ -87,6 +87,7 @@ function toggle_headers(link_id, headers_id)
<div class="patchform patchform-properties">
<h3>Patch Properties</h3>
<form method="post">
{% csrf_token %}
<table class="form">
<tr>
<th>Change state:</th>
......@@ -130,6 +131,7 @@ function toggle_headers(link_id, headers_id)
<td>
<form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
method="post">
{% csrf_token %}
<input type="hidden" name="action" value="act"/>
<input type="submit" value="Ack"/>
</form>
......@@ -143,6 +145,7 @@ function toggle_headers(link_id, headers_id)
<dd class="errors">{{createbundleform.non_field_errors}}</dd>
{% endif %}
<form method="post">
{% csrf_token %}
<input type="hidden" name="action" value="createbundle"/>
{% if createbundleform.name.errors %}
<dd class="errors">{{createbundleform.name.errors}}</dd>
......@@ -157,6 +160,7 @@ function toggle_headers(link_id, headers_id)
<td>Add to bundle:</td>
<td>
<form method="post">
{% csrf_token %}
<input type="hidden" name="action" value="addtobundle"/>
<select name="bundle_id"/>
{% for bundle in bundles %}
......@@ -183,6 +187,7 @@ function toggle_headers(link_id, headers_id)
<td>
<form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
method="post">
{% csrf_token %}
<input type="hidden" name="action" value="act"/>
<input type="submit" value="Ack"/>
</form>
......
......@@ -3,6 +3,7 @@
{% if patches %}
<form method="post">
{% csrf_token %}
<table class="patchlist">
<tr>
{% if patchform %}
......
......@@ -59,6 +59,7 @@ address.</p>
{% ifnotequal user.email email.email %}
<form action="{% url patchwork.views.user.unlink person_id=email.id %}"
method="post">
{% csrf_token %}
<input type="submit" value="Unlink"/>
</form>
{% endifnotequal %}
......@@ -68,6 +69,7 @@ address.</p>
<tr>
<td colspan="2">
<form action="{% url patchwork.views.user.link %}" method="post">
{% csrf_token %}
{{ linkform.email }}
<input type="submit" value="Add"/>
</form>
......@@ -102,6 +104,7 @@ address.</p>
<h2>Settings</h2>
<form method="post">
{% csrf_token %}
<table class="form">
{{ profileform }}
<tr>
......
......@@ -22,6 +22,7 @@ you.</p>
{% endif %}
<form action="{% url patchwork.views.user.link %}" method="post">
{% csrf_token %}
{{linkform.email.errors}}
Link an email address: {{ linkform.email }}
</form>
......
......@@ -6,6 +6,7 @@
{% block body %}
<form method="post">
{% csrf_token %}
<table class="form loginform">
<tr>
<th colspan="2" class="headerrow">login</th>
......
......@@ -20,6 +20,7 @@
<li>update the state of your own patches</li>
</ul>
<form method="post">
{% csrf_token %}
<table class="form registerform">
<tr>
<th colspan="2" class="headerrow">register</th>
......