From 0a8a3fc1571100aba3bd3a3dec98f5e9e252780b Mon Sep 17 00:00:00 2001
From: Nathan Yergler <nathan@yergler.net>
Date: Sun, 4 Sep 2011 18:16:03 -0700
Subject: [PATCH] Issue 361: Include the CSRF token in all forms
---
mediagoblin/templates/mediagoblin/auth/login.html | 1 +
mediagoblin/templates/mediagoblin/auth/register.html | 1 +
mediagoblin/templates/mediagoblin/edit/attachments.html | 1 +
mediagoblin/templates/mediagoblin/edit/edit.html | 1 +
mediagoblin/templates/mediagoblin/edit/edit_profile.html | 1 +
mediagoblin/templates/mediagoblin/submit/start.html | 1 +
mediagoblin/templates/mediagoblin/test_submit.html | 1 +
mediagoblin/templates/mediagoblin/user_pages/media.html | 1 +
.../templates/mediagoblin/user_pages/media_confirm_delete.html | 1 +
9 files changed, 9 insertions(+)
diff --git a/mediagoblin/templates/mediagoblin/auth/login.html b/mediagoblin/templates/mediagoblin/auth/login.html
index 958cf9ea..1be58560 100644
--- a/mediagoblin/templates/mediagoblin/auth/login.html
+++ b/mediagoblin/templates/mediagoblin/auth/login.html
@@ -22,6 +22,7 @@
{% block mediagoblin_content %}
<form action="{{ request.urlgen('mediagoblin.auth.login') }}"
method="POST" enctype="multipart/form-data">
+ {{ csrf_token }}
<div class="grid_6 prefix_1 suffix_1 form_box">
<h1>{% trans %}Log in{% endtrans %}</h1>
{% if login_failed %}
diff --git a/mediagoblin/templates/mediagoblin/auth/register.html b/mediagoblin/templates/mediagoblin/auth/register.html
index e72b3a52..25b68058 100644
--- a/mediagoblin/templates/mediagoblin/auth/register.html
+++ b/mediagoblin/templates/mediagoblin/auth/register.html
@@ -26,6 +26,7 @@
<div class="grid_6 prefix_1 suffix_1 form_box">
<h1>{% trans %}Create an account!{% endtrans %}</h1>
{{ wtforms_util.render_divs(register_form) }}
+ {{ csrf_token }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Create{% endtrans %}"
class="button" />
diff --git a/mediagoblin/templates/mediagoblin/edit/attachments.html b/mediagoblin/templates/mediagoblin/edit/attachments.html
index 63b06581..d8b55f58 100644
--- a/mediagoblin/templates/mediagoblin/edit/attachments.html
+++ b/mediagoblin/templates/mediagoblin/edit/attachments.html
@@ -49,6 +49,7 @@
<div class="form_submit_buttons">
<a href="{{ media.url_for_self(request.urlgen) }}">Cancel</a>
<input type="submit" value="Save changes" class="button" />
+ {{ csrf_token }}
</div>
</div>
</form>
diff --git a/mediagoblin/templates/mediagoblin/edit/edit.html b/mediagoblin/templates/mediagoblin/edit/edit.html
index 8c4e2efb..b4b3be85 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit.html
@@ -35,6 +35,7 @@
<div class="form_submit_buttons">
<a href="{{ media.url_for_self(request.urlgen) }}">{% trans %}Cancel{% endtrans %}</a>
<input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+ {{ csrf_token }}
</div>
</div>
</form>
diff --git a/mediagoblin/templates/mediagoblin/edit/edit_profile.html b/mediagoblin/templates/mediagoblin/edit/edit_profile.html
index 464c663d..93b2a792 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit_profile.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit_profile.html
@@ -33,6 +33,7 @@
{{ wtforms_util.render_divs(form) }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+ {{ csrf_token }}
</div>
</div>
</form>
diff --git a/mediagoblin/templates/mediagoblin/submit/start.html b/mediagoblin/templates/mediagoblin/submit/start.html
index f2e844df..7bc6ff45 100644
--- a/mediagoblin/templates/mediagoblin/submit/start.html
+++ b/mediagoblin/templates/mediagoblin/submit/start.html
@@ -26,6 +26,7 @@
<h1>{% trans %}Submit yer media{% endtrans %}</h1>
{{ wtforms_util.render_divs(submit_form) }}
<div class="form_submit_buttons">
+ {{ csrf_token }}
<input type="submit" value="{% trans %}Submit{% endtrans %}" class="button" />
</div>
</div>
diff --git a/mediagoblin/templates/mediagoblin/test_submit.html b/mediagoblin/templates/mediagoblin/test_submit.html
index 78b88ae8..190b9ac3 100644
--- a/mediagoblin/templates/mediagoblin/test_submit.html
+++ b/mediagoblin/templates/mediagoblin/test_submit.html
@@ -26,6 +26,7 @@
<tr>
<td></td>
<td><input type="submit" value="submit" class="button" /></td>
+ {{ csrf_token }}
</tr>
</table>
</form>
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 442bef6d..433f74dc 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -72,6 +72,7 @@
{{ wtforms_util.render_divs(comment_form) }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Post comment!{% endtrans %}" class="button" />
+ {{ csrf_token }}
</div>
</form>
{% endif %}
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
index 48fbc3b0..3acf802b 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html
@@ -42,6 +42,7 @@
{{ wtforms_util.render_divs(form) }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" />
+ {{ csrf_token }}
</div>
</div>
</form>
--
2.25.1