author | John 'Warthog9' Hawley <warthog9@kernel.org> | 2010-06-24 09:38:06 -0700 |
---|---|---|
committer | Jeremy Kerr <jk@ozlabs.org> | 2010-08-10 11:57:56 +0800 |
commit | 482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23 (patch) | |
tree | 30af42f92bc0143daf7fb17fde0d6e8043ace1ea /templates | |
parent | 6f02427039f0a80484f99ebd4595e2ecdfc907bb (diff) | |
download | patchwork-482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23.tar patchwork-482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23.tar.gz |
templates: Add CSRF (cross-site request forgery) values to form posts
This is a fairly simple patch, basically it does what the error message
told me to do:
"add In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL."
Signed-off-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Diffstat (limited to 'templates')
-rw-r--r-- | templates/patchwork/bundle.html | 1 | ||||
-rw-r--r-- | templates/patchwork/bundles.html | 1 | ||||
-rw-r--r-- | templates/patchwork/patch-form.html | 4 | ||||
-rw-r--r-- | templates/patchwork/patch-list.html | 2 | ||||
-rw-r--r-- | templates/patchwork/patch.html | 5 | ||||
-rw-r--r-- | templates/patchwork/patchlist.html | 1 | ||||
-rw-r--r-- | templates/patchwork/profile.html | 3 | ||||
-rw-r--r-- | templates/patchwork/user-link.html | 1 | ||||
-rw-r--r-- | templates/registration/login.html | 1 | ||||
-rw-r--r-- | templates/registration/registration_form.html | 1 |
10 files changed, 20 insertions, 0 deletions
diff --git a/templates/patchwork/bundle.html b/templates/patchwork/bundle.html
index 616a62e..a2933d5 100644
--- a/templates/patchwork/bundle.html
+++ b/templates/patchwork/bundle.html
@@ -26,6 +26,7 @@ project.</p> <form method="post"> + {% csrf_token %} <input type="hidden" name="form" value="bundle"/> <table class="form">
diff --git a/templates/patchwork/bundles.html b/templates/patchwork/bundles.html
index 95029c1..5340a64 100644
--- a/templates/patchwork/bundles.html
+++ b/templates/patchwork/bundles.html
@@ -33,6 +33,7 @@ <td style="text-align: center;"> <form method="post" onsubmit="return confirm_delete('bundle', '{{bundle.name|escapejs}}');"> + {% csrf_token %} {{ bundle.delete_form.as_p }} <input type="image" src="/images/16-em-cross.png" width="16" height="16" alt="delete"
diff --git a/templates/patchwork/patch-form.html b/templates/patchwork/patch-form.html
index 9d2c954..aae673a 100644
--- a/templates/patchwork/patch-form.html
+++ b/templates/patchwork/patch-form.html
@@ -32,6 +32,7 @@ <td> <form action="{% url patchwork.views.patch patch=patch.id %}" method="post"> + {% csrf_token %} <input type="hidden" name="action" value="act"/> <input type="submit" value="Ack"/> </form>
@@ -44,6 +45,7 @@ <span class="errors">{{createbundleform.errors}}</span> {% endif %} <form method="post"> + {% csrf_token %} <input type="hidden" name="action" value="createbundle"/> {{ createbundleform.name }} <input value="Create" type="submit"/>
@@ -55,6 +57,7 @@ <td>Add to bundle:</td> <td> <form action="{% url patchwork.views.bundle.setbundle %}" method="post"> + {% csrf_token %} <input type="hidden" name="action" value="add"/> <input type="hidden" name="patch_id" value="{{ patch.id }}"/> <select name="name"/>
@@ -71,6 +74,7 @@ <td>Archive:</td> <td> <form method="post"> + {% csrf_token %} <input type="hidden" name="action" value="archive"/> <input type="submit" value="Archive"/> </form>
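Review bot: The `{% csrf_token %}` line added after `<form method="post">` in bundle.html only emits the hidden `csrfmiddlewaretoken` field when the template is rendered with a `RequestContext`; with a plain context the tag renders nothing and the form's POST is rejected. The tag also enforces nothing by itself, so the protection depends on `django.middleware.csrf.CsrfViewMiddleware` being enabled, and since this diffstat is limited to `templates/` neither the views nor the settings are visible here. The same applies to every other hunk in this commit, including the anonymous login and registration forms. It is worth confirming that each view behind these ten templates passes `RequestContext(request)`, and adding a test per form view that asserts `csrfmiddlewaretoken` appears in the rendered page and that a POST without it returns 403.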
diff --git a/templates/patchwork/patch-list.html b/templates/patchwork/patch-list.html
index bc9abe9..fe4d606 100644
--- a/templates/patchwork/patch-list.html
+++ b/templates/patchwork/patch-list.html
@@ -12,6 +12,7 @@ {% if order.editable %} <td class="patchlistreorder"> <form method="post" id="reorderform"> + {% csrf_token %} <input type="hidden" name="form" value="reorderform"/> <input type="hidden" name="order_start" value="0"/> <span id="reorderhelp"></span>
@@ -33,6 +34,7 @@ {% endif %} <form method="post"> +{% csrf_token %} <input type="hidden" name="form" value="patchlistform"/> <input type="hidden" name="project" value="{{project.id}}"/> <table class="patchlist" id="patchlist">
diff --git a/templates/patchwork/patch.html b/templates/patchwork/patch.html
index 7c249ec..c716a33 100644
--- a/templates/patchwork/patch.html
+++ b/templates/patchwork/patch.html
@@ -87,6 +87,7 @@ function toggle_headers(link_id, headers_id) <div class="patchform patchform-properties"> <h3>Patch Properties</h3> <form method="post"> + {% csrf_token %} <table class="form"> <tr> <th>Change state:</th>
@@ -130,6 +131,7 @@ function toggle_headers(link_id, headers_id) <td> <form action="{% url patchwork.views.patch.patch patch_id=patch.id %}" method="post"> + {% csrf_token %} <input type="hidden" name="action" value="act"/> <input type="submit" value="Ack"/> </form>
@@ -143,6 +145,7 @@ function toggle_headers(link_id, headers_id) <dd class="errors">{{createbundleform.non_field_errors}}</dd> {% endif %} <form method="post"> + {% csrf_token %} <input type="hidden" name="action" value="createbundle"/> {% if createbundleform.name.errors %} <dd class="errors">{{createbundleform.name.errors}}</dd>
@@ -157,6 +160,7 @@ function toggle_headers(link_id, headers_id) <td>Add to bundle:</td> <td> <form method="post"> + {% csrf_token %} <input type="hidden" name="action" value="addtobundle"/> <select name="bundle_id"/> {% for bundle in bundles %}
@@ -183,6 +187,7 @@ function toggle_headers(link_id, headers_id) <td> <form action="{% url patchwork.views.patch.patch patch_id=patch.id %}" method="post"> + {% csrf_token %} <input type="hidden" name="action" value="act"/> <input type="submit" value="Ack"/> </form>
diff --git a/templates/patchwork/patchlist.html b/templates/patchwork/patchlist.html
index 1bcd2c1..d6709cd 100644
--- a/templates/patchwork/patchlist.html
+++ b/templates/patchwork/patchlist.html
@@ -3,6 +3,7 @@ {% if patches %} <form method="post"> +{% csrf_token %} <table class="patchlist"> <tr> {% if patchform %}
diff --git a/templates/patchwork/profile.html b/templates/patchwork/profile.html
index c204183..e2d0b90 100644
--- a/templates/patchwork/profile.html
+++ b/templates/patchwork/profile.html
@@ -59,6 +59,7 @@ address.</p> {% ifnotequal user.email email.email %} <form action="{% url patchwork.views.user.unlink person_id=email.id %}" method="post"> + {% csrf_token %} <input type="submit" value="Unlink"/> </form> {% endifnotequal %}
@@ -68,6 +69,7 @@ address.</p> <tr> <td colspan="2"> <form action="{% url patchwork.views.user.link %}" method="post"> + {% csrf_token %} {{ linkform.email }} <input type="submit" value="Add"/> </form>
@@ -102,6 +104,7 @@ address.</p> <h2>Settings</h2> <form method="post"> + {% csrf_token %} <table class="form"> {{ profileform }} <tr>
diff --git a/templates/patchwork/user-link.html b/templates/patchwork/user-link.html
index 2ed193e..10c8ec2 100644
--- a/templates/patchwork/user-link.html
+++ b/templates/patchwork/user-link.html
@@ -22,6 +22,7 @@ you.</p> {% endif %} <form action="{% url patchwork.views.user.link %}" method="post"> + {% csrf_token %} {{linkform.email.errors}} Link an email address: {{ linkform.email }} </form>
diff --git a/templates/registration/login.html b/templates/registration/login.html
index eef56a4..2dfc2a7 100644
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@@ -6,6 +6,7 @@ {% block body %} <form method="post"> +{% csrf_token %} <table class="form loginform"> <tr> <th colspan="2" class="headerrow">login</th>
diff --git a/templates/registration/registration_form.html b/templates/registration/registration_form.html
index 8938e40..e2b17c1 100644
--- a/templates/registration/registration_form.html
+++ b/templates/registration/registration_form.html
@@ -20,6 +20,7 @@ <li>update the state of your own patches</li> </ul> <form method="post"> +{% csrf_token %} <table class="form registerform"> <tr> <th colspan="2" class="headerrow">register</th> |