1. Andreas Madsack
  2. django-lfc

Commits

Kai Diefenbach  committed 666b2a7

Added some csrf tokens.

  • Participants
  • Parent commits b6c7220
  • Branches default

Comments (0)

Files changed (12)

File lfc/templates/lfc/manage/group.html

View file
  • Ignore whitespace
         <div id="data">
             <form action="{% url lfc_manage_save_group group.id %}"
                   method="POST">
+                {% csrf_token %}
                 {% include "lfc/manage/lfc_form.html" %}
                 <input type="submit" value='{% trans "Save group" %}' />
             </form>

File lfc/templates/lfc/manage/group_add.html

View file
  • Ignore whitespace
         <div id="data">
             <form action="{% url lfc_manage_add_group %}"
                   method="POST">
+                {% csrf_token %}
                 {% include "lfc/manage/lfc_form.html" %}
                 <input type="submit" value='{% trans "Add group" %}' />
             </form>

File lfc/templates/lfc/manage/role.html

View file
  • Ignore whitespace
         <div id="data">
             <form action="{% url lfc_manage_save_role role.id %}"
                   method="POST">
+                {% csrf_token %}
                 {% include "lfc/manage/lfc_form.html" %}
                 <input type="submit" value='{% trans "Save role" %}' />
             </form>

File lfc/templates/lfc/manage/user_add.html

View file
  • Ignore whitespace
         <ul class="sf-menu">
             <li>
                 <a href="{% url lfc_manage_users %}">{% trans "Overview" %}</a>
-            </li>            
+            </li>
         </ul>
     </div>
 
         <div id="data">
             <form action="{% url lfc_add_user %}"
                   method="POST">
+                {% csrf_token %}
                 {% include "lfc/manage/lfc_form.html" %}
-
                 <input type="submit"
                        value="{% trans 'Save user' %}" />
 

File lfc/templates/lfc/manage/users_inline.html

View file
  • Ignore whitespace
 <div id="data" style="margin-top: 10px; margin-left: 30px; ">
     <form action="{% url lfc_manage_change_users %}"e
           method="POST">
+        {% csrf_token %}
         <table class="users lfs-manage-table full">
             <tr class="header">
                 <th class="tiny padr">

File lfc/templates/lfc/manage/workflow_add.html

View file
  • Ignore whitespace
         <div id="data">
             <form action="{% url lfc_manage_add_workflow %}"
                   method="POST">
+                {% csrf_token %}
                 {% include "lfc/manage/lfc_form.html" %}
                 <input type="submit" value='{% trans "Add" %}' />
             </form>

File lfc/templates/lfc/manage/workflow_data.html

View file
  • Ignore whitespace
 {% load i18n %}
 <form action="{% url lfc_manage_save_workflow_data workflow.id %}"
       method="POST">
-
+    {% csrf_token %}
     <h2 class="first-heading">{% trans "Data" %}</h2>
 
     {% include "lfc/manage/lfc_form.html" %}

File lfc/templates/lfc/manage/workflow_permissions.html

View file
  • Ignore whitespace
 
 <form action="{% url lfc_manage_save_workflow_permissions workflow.id %}"
       method="POST">
+    {% crsf_token %}
     {% for permission in permissions %}
         <div>
             <input type="checkbox" name="permission" value="{{ permission.id }}" {% if permission.checked %}checked="checked"{% endif %} />

File lfc/templates/lfc/manage/workflow_state.html

View file
  • Ignore whitespace
     </h1>
     <form action="{% url lfc_manage_save_workflow_state state.id %}"
           method="POST">
-            {% include "lfc/manage/lfc_form.html" %}
-
+        {% crsf_token %}
+        {% include "lfc/manage/lfc_form.html" %}
         <div class="field">
             <div class="label">
                 <label>{% trans "Type" %}:</label>

File lfc/templates/lfc/manage/workflow_states.html

View file
  • Ignore whitespace
         </a>
         <a class="ajax-link" href="{% url lfc_manage_state state.id %}">
             {% trans state.name %}
-            
+
         </a>
     </h3>
     {% for transition in state.transitions.all %}
 
 <form action="{% url lfc_manage_add_workflow_state workflow.id %}"
       method="POST">
+    {% crsf_token %}
     <input name="name" type="text" />
     <input class="ajax-submit"
            type="submit" value='{% trans "Add state" %}'/>

File lfc/templates/lfc/manage/workflow_transition.html

View file
  • Ignore whitespace
     </h1>
     <form action="{% url lfc_manage_save_workflow_transition transition.id %}"
           method="POST">
-
+        {% crsf_token %}
         {% include "lfc/manage/lfc_form.html" %}
-
         <div class="manage-form-buttons">
             <input class="ajax-submit"
                    type="submit" value='{% trans "Save" %}' />

File lfc/templates/lfc/manage/workflow_transitions.html

View file
  • Ignore whitespace
         <a class="delete-link" href="{% url lfc_manage_delete_workflow_transition transition.id %}">
             <img class="icon" src="{{ MEDIA_URL }}lfc/icons/cancel.png" />
         </a>
-        
+
         <a class="ajax-link" href="{% url lfc_manage_transition transition.id %}">
             {% trans transition.name %}
         </a>
 
 <form action="{% url lfc_manage_add_workflow_transition workflow.id %}"
       method="POST">
+    {% crsf_token %}
     <input name="name" type="text" />
     <input class="ajax-submit"
            type="submit" value='{% trans "Add transition" %}' />