From 0a8a3fc1571100aba3bd3a3dec98f5e9e252780b Mon Sep 17 00:00:00 2001
From: Nathan Yergler <nathan@yergler.net>
Date: Sun, 4 Sep 2011 18:16:03 -0700
Subject: [PATCH] Issue 361: Include the CSRF token in all forms

---
 mediagoblin/templates/mediagoblin/auth/login.html                | 1 +
 mediagoblin/templates/mediagoblin/auth/register.html             | 1 +
 mediagoblin/templates/mediagoblin/edit/attachments.html          | 1 +
 mediagoblin/templates/mediagoblin/edit/edit.html                 | 1 +
 mediagoblin/templates/mediagoblin/edit/edit_profile.html         | 1 +
 mediagoblin/templates/mediagoblin/submit/start.html              | 1 +
 mediagoblin/templates/mediagoblin/test_submit.html               | 1 +
 mediagoblin/templates/mediagoblin/user_pages/media.html          | 1 +
 .../templates/mediagoblin/user_pages/media_confirm_delete.html   | 1 +
 9 files changed, 9 insertions(+)

diff --git a/mediagoblin/templates/mediagoblin/auth/login.html b/mediagoblin/templates/mediagoblin/auth/login.html
index 958cf9ea..1be58560 100644
--- a/mediagoblin/templates/mediagoblin/auth/login.html
+++ b/mediagoblin/templates/mediagoblin/auth/login.html
@@ -22,6 +22,7 @@
 {% block mediagoblin_content %}
   <form action="{{ request.urlgen('mediagoblin.auth.login') }}"
         method="POST" enctype="multipart/form-data">
+    {{ csrf_token }}
     <div class="grid_6 prefix_1 suffix_1 form_box">
       <h1>{% trans %}Log in{% endtrans %}</h1>
       {% if login_failed %}
diff --git a/mediagoblin/templates/mediagoblin/auth/register.html b/mediagoblin/templates/mediagoblin/auth/register.html
index e72b3a52..25b68058 100644
--- a/mediagoblin/templates/mediagoblin/auth/register.html
+++ b/mediagoblin/templates/mediagoblin/auth/register.html
@@ -26,6 +26,7 @@
     <div class="grid_6 prefix_1 suffix_1 form_box">
       <h1>{% trans %}Create an account!{% endtrans %}</h1>
       {{ wtforms_util.render_divs(register_form) }}
+      {{ csrf_token }}
       <div class="form_submit_buttons">
         <input type="submit" value="{% trans %}Create{% endtrans %}"
                class="button" />
diff --git a/mediagoblin/templates/mediagoblin/edit/attachments.html b/mediagoblin/templates/mediagoblin/edit/attachments.html
index 63b06581..d8b55f58 100644
--- a/mediagoblin/templates/mediagoblin/edit/attachments.html
+++ b/mediagoblin/templates/mediagoblin/edit/attachments.html
@@ -49,6 +49,7 @@
       <div class="form_submit_buttons">
         <a href="{{ media.url_for_self(request.urlgen) }}">Cancel</a>
         <input type="submit" value="Save changes" class="button" />
+	{{ csrf_token }}
       </div>
     </div>
   </form>
diff --git a/mediagoblin/templates/mediagoblin/edit/edit.html b/mediagoblin/templates/mediagoblin/edit/edit.html
index 8c4e2efb..b4b3be85 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit.html
@@ -35,6 +35,7 @@
       <div class="form_submit_buttons">
         <a href="{{ media.url_for_self(request.urlgen) }}">{% trans %}Cancel{% endtrans %}</a>
         <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+	{{ csrf_token }}
       </div>
     </div>
   </form>
diff --git a/mediagoblin/templates/mediagoblin/edit/edit_profile.html b/mediagoblin/templates/mediagoblin/edit/edit_profile.html
index 464c663d..93b2a792 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit_profile.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit_profile.html
@@ -33,6 +33,7 @@
       {{ wtforms_util.render_divs(form) }}
       <div class="form_submit_buttons">
         <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+	{{ csrf_token }}
       </div>
     </div>
   </form>
diff --git a/mediagoblin/templates/mediagoblin/submit/start.html b/mediagoblin/templates/mediagoblin/submit/start.html
index f2e844df..7bc6ff45 100644
--- a/mediagoblin/templates/mediagoblin/submit/start.html
+++ b/mediagoblin/templates/mediagoblin/submit/start.html
@@ -26,6 +26,7 @@
       <h1>{% trans %}Submit yer media{% endtrans %}</h1>
       {{ wtforms_util.render_divs(submit_form) }}
       <div class="form_submit_buttons">
+      {{ csrf_token }}
       <input type="submit" value="{% trans %}Submit{% endtrans %}" class="button" />
       </div>
     </div>
diff --git a/mediagoblin/templates/mediagoblin/test_submit.html b/mediagoblin/templates/mediagoblin/test_submit.html
index 78b88ae8..190b9ac3 100644
--- a/mediagoblin/templates/mediagoblin/test_submit.html
+++ b/mediagoblin/templates/mediagoblin/test_submit.html
@@ -26,6 +26,7 @@
         <tr>
           <td></td>
           <td><input type="submit" value="submit" class="button" /></td>
+	  {{ csrf_token }}
         </tr>
       </table>
     </form>
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 442bef6d..433f74dc 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -72,6 +72,7 @@
           {{ wtforms_util.render_divs(comment_form) }}
           <div class="form_submit_buttons">
             <input type="submit" value="{% trans %}Post comment!{% endtrans %}" class="button" />
+	    {{ csrf_token }}
           </div>
         </form>
       {% endif %}
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
index 48fbc3b0..3acf802b 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
@@ -42,6 +42,7 @@
       {{ wtforms_util.render_divs(form) }}
       <div class="form_submit_buttons">
         <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+	{{ csrf_token }}
       </div>
     </div>
   </form>
-- 
2.25.1