changeset 173:1dcf2b9f84df draft

Added {% csrf_token %} in any template that uses a POST form
author eriol-guest
date Thu, 07 Jul 2011 06:41:23 +0000
parents 16c289c44acc
children d9f12ce05039
files bts_webui/amancay/templates/bug_actions.html bts_webui/amancay/templates/bug_forms.html bts_webui/templates/registration/login.html bts_webui/templates/registration/registration_form.html
diffstat 4 files changed, 11 insertions(+), 11 deletions(-) [+]
--- a/bts_webui/amancay/templates/bug_actions.html
+++ b/bts_webui/amancay/templates/bug_actions.html
@@ -1,6 +1,6 @@
 {% comment %} vim: set sw=4 ts=4 sts=4 noet: {% endcomment %}
 <div class="bug_actions">
-	<form name="show_add_comment" method="POST">
+	<form name="show_add_comment" method="POST">{% csrf_token %}
 		<input id="add_comment_button" type="button" value="Add Comment" />
 		<select id="more_actions">
 			<option selected>More Actions</option>
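Review bot: The `{% csrf_token %}` added after `<form name="show_add_comment" method="POST">` only renders a hidden input when the view puts `csrf_token` into the template context, and this changeset touches templates only. A view that renders with a plain `Context` would emit an empty tag, so POSTs would be rejected by `CsrfViewMiddleware`, or stay unprotected if that middleware is not enabled. It is worth confirming that every view behind these templates passes `context_instance=RequestContext(request)`; the same applies to the hunks in bug_forms.html and registration_form.html. The visible part of this form has only a `type="button"` input and a select, so it is presumably script-driven; if it is posted via XMLHttpRequest the token has to be sent too, for example in the `X-CSRFToken` header. The form body continues outside the hunk.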
--- a/bts_webui/amancay/templates/bug_forms.html
+++ b/bts_webui/amancay/templates/bug_forms.html
@@ -1,7 +1,7 @@
 {% comment %} vim: set sw=4 ts=4 sts=4 noet: {% endcomment %}
 <!-- hidden forms: add comment -->
 <div class="action_form" id="add_comment_form">
-	<form name="add_comment" method="POST">
+	<form name="add_comment" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="comment"/>
 		<fieldset class="action_form">
 		<legend class="action_form">Add Comment</legend>
@@ -24,7 +24,7 @@
 
 <!-- reassign -->
 <div class="action_form" id="reassign_form">
-	<form name="reassign" method="POST">
+	<form name="reassign" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="reassign"/>
 		<fieldset class="action_form">
 		<legend class="action_form">Reassign report to</legend>
@@ -49,7 +49,7 @@
 
 <!-- retitle -->
 <div class="action_form" id="retitle_form">
-	<form name="retitle" method="POST">
+	<form name="retitle" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="retitle"/>
 		<fieldset class="action_form">
 		<legend class="action_form">Retitle bug report</legend>
@@ -72,7 +72,7 @@
 
 <!-- close -->
 <div class="action_form" id="close_form">
-	<form name="close" method="POST">
+	<form name="close" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="close"/>
 		<fieldset class="action_form">
 		<legend class="action_form">Close bug report</legend>
@@ -95,7 +95,7 @@
 
 <!-- severity -->
 <div class="action_form" id="severity_form">
-	<form name="severity" method="POST">
+	<form name="severity" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="severity"/>
 		<fieldset class="action_form">
 		<legend class="action_form">Change bug severity</legend>
@@ -126,7 +126,7 @@
 
 <!-- subscription -->
 <div class="action_form" id="subscribe_form">
-	<form name="severity" method="POST">
+	<form name="severity" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="subscribe"/>
 		<fieldset class="action_form">
 		<legend class="action_form">Confirm subscription</legend>
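Review bot: The subscription form on the changed line still carries `name="severity"`, the same name as the severity form in the previous hunk, so a script or test that looks forms up by name cannot tell the two apart. Since the line is being edited anyway, it could become `<form name="subscribe" method="POST">{% csrf_token %}`. Any script that refers to the old name (none is visible in this diff) would need the matching change. The form continues past the end of the hunk.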
@@ -152,7 +152,7 @@
 
 <!-- owner -->
 <div class="action_form" id="owner_form">
-	<form name="owner_new" method="POST">
+	<form name="owner_new" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="owner">
 		<fieldset class="action_form">
 		<legend class="action_form">Change bug owner</legend>
@@ -165,7 +165,7 @@
 		</fieldset>
 	</form>
 	{% if current_user.is_authenticated %}
-	<form name="owner_takeover" method="POST">
+	<form name="owner_takeover" method="POST">{% csrf_token %}
 		<input type="hidden" name="form_type" value="owner">
 		<fieldset class="action_form">
 		<legend class="action_form">Take over this bug</legend>
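Review bot: The takeover form sits inside `{% if current_user.is_authenticated %}`, which only hides the markup; the token added here shows the request came from this site's own page, not that the poster may change the owner. Both owner forms submit `form_type=owner`, so the handler (outside this diff) should check `request.user.is_authenticated()` itself before acting, if it does not already. A template comment above the guard, such as `{# display-only: the view re-checks authentication #}`, would record that. The form and the `{% if %}` block close outside the hunk.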
--- a/bts_webui/templates/registration/login.html
+++ b/bts_webui/templates/registration/login.html
@@ -12,7 +12,7 @@
 <p class="error">Please correct the errors below:</p>
 {% endif %}
 <div class="account_form">
-    <form method="post" action="{% url django.contrib.auth.views.login %}">
+    <form method="post" action="{% url django.contrib.auth.views.login %}">{% csrf_token %}
     <table>
     <tr>
         <td><label for="id_username">Username:</label></td>
--- a/bts_webui/templates/registration/registration_form.html
+++ b/bts_webui/templates/registration/registration_form.html
@@ -10,7 +10,7 @@
 {% endif %}
 
 <div class="account_form">
-<form method="post" action="">
+<form method="post" action="">{% csrf_token %}
 <fieldset class="account_form">
 <legend class="account_title">Sign up</legend>
 <ol class="account_form">