authorJohn 'Warthog9' Hawley <warthog9@kernel.org>2010-06-24 09:38:06 -0700
committerJeremy Kerr <jk@ozlabs.org>2010-08-10 11:57:56 +0800
commit482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23 (patch)
tree30af42f92bc0143daf7fb17fde0d6e8043ace1ea /templates
parent6f02427039f0a80484f99ebd4595e2ecdfc907bb (diff)
downloadpatchwork-482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23.tar
patchwork-482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23.tar.gz
templates: Add CSRF (cross-site request forgery) values to form posts
This is a fairly simple patch: it does what the error message told me to do, which is to make sure that "In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL."

Signed-off-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Diffstat (limited to 'templates')
-rw-r--r--templates/patchwork/bundle.html1
-rw-r--r--templates/patchwork/bundles.html1
-rw-r--r--templates/patchwork/patch-form.html4
-rw-r--r--templates/patchwork/patch-list.html2
-rw-r--r--templates/patchwork/patch.html5
-rw-r--r--templates/patchwork/patchlist.html1
-rw-r--r--templates/patchwork/profile.html3
-rw-r--r--templates/patchwork/user-link.html1
-rw-r--r--templates/registration/login.html1
-rw-r--r--templates/registration/registration_form.html1
10 files changed, 20 insertions, 0 deletions
diff --git a/templates/patchwork/bundle.html b/templates/patchwork/bundle.html
index 616a62e..a2933d5 100644
--- a/templates/patchwork/bundle.html
+++ b/templates/patchwork/bundle.html
@@ -26,6 +26,7 @@ project.</p>
<form method="post">
+ {% csrf_token %}
<input type="hidden" name="form" value="bundle"/>
<table class="form">
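Review bot: Nothing on this page shows that the views rendering these forms pass a `RequestContext`, which `{% csrf_token %}` needs in order to emit the hidden field; the diffstat is limited to `templates`, so the view side cannot be confirmed from here. If a view renders with a plain `Context`, the tag produces no field and the CSRF middleware rejects the POST with a 403. This applies to every `{% csrf_token %}` added in this commit, not only the bundle form. A regression test that posts through `Client(enforce_csrf_checks=True)` would catch a missed form or view, because the default Django test client skips CSRF checks.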
diff --git a/templates/patchwork/bundles.html b/templates/patchwork/bundles.html
index 95029c1..5340a64 100644
--- a/templates/patchwork/bundles.html
+++ b/templates/patchwork/bundles.html
@@ -33,6 +33,7 @@
<td style="text-align: center;">
<form method="post"
onsubmit="return confirm_delete('bundle', '{{bundle.name|escapejs}}');">
+ {% csrf_token %}
{{ bundle.delete_form.as_p }}
<input type="image"
src="/images/16-em-cross.png" width="16" height="16" alt="delete"
diff --git a/templates/patchwork/patch-form.html b/templates/patchwork/patch-form.html
index 9d2c954..aae673a 100644
--- a/templates/patchwork/patch-form.html
+++ b/templates/patchwork/patch-form.html
@@ -32,6 +32,7 @@
<td>
<form action="{% url patchwork.views.patch patch=patch.id %}"
method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="act"/>
<input type="submit" value="Ack"/>
</form>
@@ -44,6 +45,7 @@
<span class="errors">{{createbundleform.errors}}</span>
{% endif %}
<form method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="createbundle"/>
{{ createbundleform.name }}
<input value="Create" type="submit"/>
@@ -55,6 +57,7 @@
<td>Add to bundle:</td>
<td>
<form action="{% url patchwork.views.bundle.setbundle %}" method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="add"/>
<input type="hidden" name="patch_id" value="{{ patch.id }}"/>
<select name="name"/>
@@ -71,6 +74,7 @@
<td>Archive:</td>
<td>
<form method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="archive"/>
<input type="submit" value="Archive"/>
</form>
diff --git a/templates/patchwork/patch-list.html b/templates/patchwork/patch-list.html
index bc9abe9..fe4d606 100644
--- a/templates/patchwork/patch-list.html
+++ b/templates/patchwork/patch-list.html
@@ -12,6 +12,7 @@
{% if order.editable %}
<td class="patchlistreorder">
<form method="post" id="reorderform">
+ {% csrf_token %}
<input type="hidden" name="form" value="reorderform"/>
<input type="hidden" name="order_start" value="0"/>
<span id="reorderhelp"></span>
@@ -33,6 +34,7 @@
{% endif %}
<form method="post">
+{% csrf_token %}
<input type="hidden" name="form" value="patchlistform"/>
<input type="hidden" name="project" value="{{project.id}}"/>
<table class="patchlist" id="patchlist">
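Review bot: The token line in this hunk is added at column 0 (`+{% csrf_token %}`), while the first hunk of the same file and most other hunks indent it under the `<form>` tag. The same column-0 form appears in `patchlist.html`, `registration/login.html` and `registration/registration_form.html`. The surrounding indentation has been flattened on this page, so this should be checked against the files. If those forms are indented, the tag should be aligned with the first child of `<form>` so it is easy to see on review.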
diff --git a/templates/patchwork/patch.html b/templates/patchwork/patch.html
index 7c249ec..c716a33 100644
--- a/templates/patchwork/patch.html
+++ b/templates/patchwork/patch.html
@@ -87,6 +87,7 @@ function toggle_headers(link_id, headers_id)
<div class="patchform patchform-properties">
<h3>Patch Properties</h3>
<form method="post">
+ {% csrf_token %}
<table class="form">
<tr>
<th>Change state:</th>
@@ -130,6 +131,7 @@ function toggle_headers(link_id, headers_id)
<td>
<form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="act"/>
<input type="submit" value="Ack"/>
</form>
@@ -143,6 +145,7 @@ function toggle_headers(link_id, headers_id)
<dd class="errors">{{createbundleform.non_field_errors}}</dd>
{% endif %}
<form method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="createbundle"/>
{% if createbundleform.name.errors %}
<dd class="errors">{{createbundleform.name.errors}}</dd>
@@ -157,6 +160,7 @@ function toggle_headers(link_id, headers_id)
<td>Add to bundle:</td>
<td>
<form method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="addtobundle"/>
<select name="bundle_id"/>
{% for bundle in bundles %}
@@ -183,6 +187,7 @@ function toggle_headers(link_id, headers_id)
<td>
<form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
method="post">
+ {% csrf_token %}
<input type="hidden" name="action" value="act"/>
<input type="submit" value="Ack"/>
</form>
diff --git a/templates/patchwork/patchlist.html b/templates/patchwork/patchlist.html
index 1bcd2c1..d6709cd 100644
--- a/templates/patchwork/patchlist.html
+++ b/templates/patchwork/patchlist.html
@@ -3,6 +3,7 @@
{% if patches %}
<form method="post">
+{% csrf_token %}
<table class="patchlist">
<tr>
{% if patchform %}
diff --git a/templates/patchwork/profile.html b/templates/patchwork/profile.html
index c204183..e2d0b90 100644
--- a/templates/patchwork/profile.html
+++ b/templates/patchwork/profile.html
@@ -59,6 +59,7 @@ address.</p>
{% ifnotequal user.email email.email %}
<form action="{% url patchwork.views.user.unlink person_id=email.id %}"
method="post">
+ {% csrf_token %}
<input type="submit" value="Unlink"/>
</form>
{% endifnotequal %}
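Review bot: The token added to the Unlink form blocks a forged cross-site POST, but it does not decide which address a logged-in user may unlink; the target is still chosen by `person_id=email.id` in the form action. The `patchwork.views.user.unlink` view is outside this hunk, so it is worth confirming that it checks the person record belongs to `request.user` before removing the link. A template comment next to the form would record that dependency: `{# the unlink view must verify ownership of person_id; the CSRF token is not an authorization check #}`.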
@@ -68,6 +69,7 @@ address.</p>
<tr>
<td colspan="2">
<form action="{% url patchwork.views.user.link %}" method="post">
+ {% csrf_token %}
{{ linkform.email }}
<input type="submit" value="Add"/>
</form>
@@ -102,6 +104,7 @@ address.</p>
<h2>Settings</h2>
<form method="post">
+ {% csrf_token %}
<table class="form">
{{ profileform }}
<tr>
diff --git a/templates/patchwork/user-link.html b/templates/patchwork/user-link.html
index 2ed193e..10c8ec2 100644
--- a/templates/patchwork/user-link.html
+++ b/templates/patchwork/user-link.html
@@ -22,6 +22,7 @@ you.</p>
{% endif %}
<form action="{% url patchwork.views.user.link %}" method="post">
+ {% csrf_token %}
{{linkform.email.errors}}
Link an email address: {{ linkform.email }}
</form>
diff --git a/templates/registration/login.html b/templates/registration/login.html
index eef56a4..2dfc2a7 100644
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@@ -6,6 +6,7 @@
{% block body %}
<form method="post">
+{% csrf_token %}
<table class="form loginform">
<tr>
<th colspan="2" class="headerrow">login</th>
diff --git a/templates/registration/registration_form.html b/templates/registration/registration_form.html
index 8938e40..e2b17c1 100644
--- a/templates/registration/registration_form.html
+++ b/templates/registration/registration_form.html
@@ -20,6 +20,7 @@
<li>update the state of your own patches</li>
</ul>
<form method="post">
+{% csrf_token %}
<table class="form registerform">
<tr>
<th colspan="2" class="headerrow">register</th>