From 0a8a3fc1571100aba3bd3a3dec98f5e9e252780b Mon Sep 17 00:00:00 2001 From: Nathan Yergler <nathan@yergler.net> Date: Sun, 4 Sep 2011 18:16:03 -0700 Subject: [PATCH] Issue 361: Include the CSRF token in all forms --- mediagoblin/templates/mediagoblin/auth/login.html | 1 + mediagoblin/templates/mediagoblin/auth/register.html | 1 + mediagoblin/templates/mediagoblin/edit/attachments.html | 1 + mediagoblin/templates/mediagoblin/edit/edit.html | 1 + mediagoblin/templates/mediagoblin/edit/edit_profile.html | 1 + mediagoblin/templates/mediagoblin/submit/start.html | 1 + mediagoblin/templates/mediagoblin/test_submit.html | 1 + mediagoblin/templates/mediagoblin/user_pages/media.html | 1 + .../templates/mediagoblin/user_pages/media_confirm_delete.html | 1 + 9 files changed, 9 insertions(+) diff --git a/mediagoblin/templates/mediagoblin/auth/login.html b/mediagoblin/templates/mediagoblin/auth/login.html index 958cf9ea..1be58560 100644 --- a/mediagoblin/templates/mediagoblin/auth/login.html +++ b/mediagoblin/templates/mediagoblin/auth/login.html @@ -22,6 +22,7 @@ {% block mediagoblin_content %} <form action="{{ request.urlgen('mediagoblin.auth.login') }}" method="POST" enctype="multipart/form-data"> + {{ csrf_token }} <div class="grid_6 prefix_1 suffix_1 form_box"> <h1>{% trans %}Log in{% endtrans %}</h1> {% if login_failed %} diff --git a/mediagoblin/templates/mediagoblin/auth/register.html b/mediagoblin/templates/mediagoblin/auth/register.html index e72b3a52..25b68058 100644 --- a/mediagoblin/templates/mediagoblin/auth/register.html +++ b/mediagoblin/templates/mediagoblin/auth/register.html @@ -26,6 +26,7 @@ <div class="grid_6 prefix_1 suffix_1 form_box"> <h1>{% trans %}Create an account!{% endtrans %}</h1> {{ wtforms_util.render_divs(register_form) }} + {{ csrf_token }} <div class="form_submit_buttons"> <input type="submit" value="{% trans %}Create{% endtrans %}" class="button" /> 
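Review bot: `{{ csrf_token }}` is emitted as a bare context variable in the login.html and register.html hunks (and in every other hunk of this patch), so any render path that does not put `csrf_token` in the template context produces an empty string under Jinja2's default `Undefined` and the form silently posts without a token. If the variable is not guaranteed by the middleware or a context processor on every render, a `StrictUndefined` environment or a small macro that raises when the value is missing would make the omission fail at render time instead of at submit time. It also cannot be confirmed from these templates whether the value is the hidden-input markup itself; under autoescaping that markup has to be a `Markup` object or rendered with `|safe`, otherwise the browser shows escaped text rather than a hidden field. Placement is inconsistent between the two hunks (first child of the form in login.html, after the rendered fields in register.html); emitting it right after the opening `<form>` tag everywhere would make it easier to audit that no POST form is missing it.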
diff --git a/mediagoblin/templates/mediagoblin/edit/attachments.html b/mediagoblin/templates/mediagoblin/edit/attachments.html index 63b06581..d8b55f58 100644 --- a/mediagoblin/templates/mediagoblin/edit/attachments.html +++ b/mediagoblin/templates/mediagoblin/edit/attachments.html @@ -49,6 +49,7 @@ <div class="form_submit_buttons"> <a href="{{ media.url_for_self(request.urlgen) }}">Cancel</a> <input type="submit" value="Save changes" class="button" /> + {{ csrf_token }} </div> </div> </form> diff --git a/mediagoblin/templates/mediagoblin/edit/edit.html b/mediagoblin/templates/mediagoblin/edit/edit.html index 8c4e2efb..b4b3be85 100644 --- a/mediagoblin/templates/mediagoblin/edit/edit.html +++ b/mediagoblin/templates/mediagoblin/edit/edit.html @@ -35,6 +35,7 @@ <div class="form_submit_buttons"> <a href="{{ media.url_for_self(request.urlgen) }}">{% trans %}Cancel{% endtrans %}</a> <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" /> + {{ csrf_token }} </div> </div> </form> diff --git a/mediagoblin/templates/mediagoblin/edit/edit_profile.html b/mediagoblin/templates/mediagoblin/edit/edit_profile.html index 464c663d..93b2a792 100644 --- a/mediagoblin/templates/mediagoblin/edit/edit_profile.html +++ b/mediagoblin/templates/mediagoblin/edit/edit_profile.html @@ -33,6 +33,7 @@ {{ wtforms_util.render_divs(form) }} <div class="form_submit_buttons"> <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" /> + {{ csrf_token }} </div> </div> </form> diff --git a/mediagoblin/templates/mediagoblin/submit/start.html b/mediagoblin/templates/mediagoblin/submit/start.html index f2e844df..7bc6ff45 100644 --- a/mediagoblin/templates/mediagoblin/submit/start.html +++ b/mediagoblin/templates/mediagoblin/submit/start.html 
@@ -26,6 +26,7 @@ <h1>{% trans %}Submit yer media{% endtrans %}</h1> {{ wtforms_util.render_divs(submit_form) }} <div class="form_submit_buttons"> + {{ csrf_token }} <input type="submit" value="{% trans %}Submit{% endtrans %}" class="button" /> </div> </div> diff --git a/mediagoblin/templates/mediagoblin/test_submit.html b/mediagoblin/templates/mediagoblin/test_submit.html index 78b88ae8..190b9ac3 100644 --- a/mediagoblin/templates/mediagoblin/test_submit.html +++ b/mediagoblin/templates/mediagoblin/test_submit.html @@ -26,6 +26,7 @@ <tr> <td></td> <td><input type="submit" value="submit" class="button" /></td> + {{ csrf_token }} </tr> </table> </form> diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html index 442bef6d..433f74dc 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/media.html +++ b/mediagoblin/templates/mediagoblin/user_pages/media.html @@ -72,6 +72,7 @@ {{ wtforms_util.render_divs(comment_form) }} <div class="form_submit_buttons"> <input type="submit" value="{% trans %}Post comment!{% endtrans %}" class="button" /> + {{ csrf_token }} </div> </form> {% endif %} diff --git a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html index 48fbc3b0..3acf802b 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html +++ b/mediagoblin/templates/mediagoblin/user_pages/media_confirm_delete.html @@ -42,6 +42,7 @@ {{ wtforms_util.render_divs(form) }} <div class="form_submit_buttons"> <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button" /> + {{ csrf_token }} </div> </div> </form> -- 2.25.1
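Review bot: In the test_submit.html hunk the token is emitted directly inside `<tr>` after the closing `</td>`, where an `<input>` is not a permitted child; HTML parsers recover by foster-parenting such content out of the table, so where the hidden field ends up relative to the `<form>` depends on error recovery rather than on the markup. Wrap it in a cell, `<td>{{ csrf_token }}</td>`, or emit it immediately after the opening `<form>` tag. The enclosing `<form>` and `<table>` start outside the hunk. The start.html, media.html and media_confirm_delete.html hunks on this line place the token inside a `<div>` within the form and do not have this problem.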