
David Chambers committed dde653e

Added `csrf_token` to both the contact form and the comment form.


Files changed (2)

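--- a/templates/contact.dhtml
+++ b/templates/contact.dhtml
 {% block title %}Contact{% endblock %}
 {% block content %}
 			<h1>Contact</h1>{% if form %}
-			<form id="contact" method="post">
+			<form id="contact" method="post">{% csrf_token %}
 				<fieldset>
 					<div>{% with form.sender_name as field %}{% with form.fields.sender_name as attributes %}
 						{{ field.errors }}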
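Review bot: The `{% csrf_token %}` added inside `<form id="contact">` emits the hidden token field only when the view renders this template with a request-aware context, and this commit touches templates only, so the view and middleware side cannot be confirmed from here. Assuming these are Django templates, the POST is actually checked only if `CsrfViewMiddleware` (or `csrf_protect` on the view) is active; without it the token is rendered but never verified. The same applies to the comment form in templates/document.dhtml. I would add a template comment beside the tag such as `{# token requires a RequestContext; verified by CsrfViewMiddleware #}` and a test asserting that a POST without the token is rejected with 403. The form body continues outside the hunk.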

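--- a/templates/document.dhtml
+++ b/templates/document.dhtml
 					<p>Your comment is awaiting moderation.</p>{% endif %}{% endif %}{% if thread.allow_comments %}
 					<{{ RESPOND_HEADING_TAG }} id="respond">{{ RESPOND_HEADING_TEXT }}</{{ RESPOND_HEADING_TAG }}>
 					{{ form.non_field_errors }}
-					<form id="comment" method="post">
+					<form id="comment" method="post">{% csrf_token %}
 						<fieldset>
 							<div>{% with form.fields.author_name as field %}{% with form.author_name as this %}
 								{{ this.errors }}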