Commits

Kai Diefenbach  committed 9d76f29

Added more csrf tokens.

  • Participants
  • Parent commits 91cb1bc

Comments (0)

Files changed (6)

File lfc/templates/lfc/manage/content_types.html

         <ul>
             <li><a href="#data">{{ ctr.name }}</a></li>
         </ul>
-
         <div id="data">
             <form action="{% url lfc_content_type ctr.id %}"
                   method="POST">
-
+                {% csrf_token %}
                 {% include "lfc/manage/lfc_form.html" %}
-
                 <input type="submit"
                        value="{% trans 'Save content type' %}" />
             </form>

File lfc/templates/lfc/manage/object_files.html

     {% if obj.files.all %}
         <form id="object-files-update-form"
               action="{% url lfc_update_files obj.id %}"
-              method="post">
-
+              method="POST">
+            {% csrf_token %}
             <table class="lfs-manage-table">
                 <tr>
                     <th class="tiny">
                             {% else %}
                                 <span class="blank"></span>
                             {% endif %}
-                            <a class="download" 
+                            <a class="download"
                                href="{{ file.get_absolute_url }}"
                                title='{% trans "Download" %}'></a>
                             <a class="edit ajax-link"
           action="{% url lfc_add_files obj.id %}"
           method="post"
           enctype="multipart/form-data">
-          <input class="button" type="file" name="file" multiple />
+        {% csrf_token %}
+        <input class="button" type="file" name="file" multiple />
     </form>
     <table id="files-table" data="{% url lfc_load_object_files obj.id %}" msg='{% trans "Uploading files:" %}'></table>
     <script>
                 }
             });
         });
-    </script>    
+    </script>
 {% else %}
     {% if obj.files.all %}
         <table class="lfs-manage-table half">

File lfc/templates/lfc/manage/object_images.html

         <form id="object-images-update-form"
               action="{% url lfc_update_images obj.id %}"
               method="post">
-
+            {% csrf_token %}
             <table class="lfs-manage-table">
                 <tr>
                     <th class="tiny">
               action="{% url lfc_add_images obj.id %}"
               method="post"
               enctype="multipart/form-data">
+              {% csrf_token %}
               <input class="button" type="file" name="file" multiple />
         </form>
         <table id="images-table" data="{% url lfc_load_object_images obj.id %}" msg='{% trans "Uploading images:" %}'></table>

File lfc/templates/lfc/manage/portal_files.html

         <form id="object-files-update-form"
               action="{% url lfc_update_portal_files %}"
               method="post">
-
+            {% csrf_token %}
             <table class="lfs-manage-table">
                 <tr>
                     <th class="tiny">
                             {% else %}
                                 <span class="blank"></span>
                             {% endif %}
-                            <a class="download" 
+                            <a class="download"
                                href="{{ file.get_absolute_url }}"
                                title='{% trans "Download" %}'></a>
                             <a class="edit ajax-link"
           action="{% url lfc_add_portal_files %}"
           method="post"
           enctype="multipart/form-data">
+          {% csrf_token %}
           <input class="button" type="file" name="file" multiple />
     </form>
     <table id="files-table" data="{% url lfc_load_portal_files %}" msg='{% trans "Uploading files:" %}'></table>
                 }
             });
         });
-    </script>    
+    </script>
 {% else %}
     {% if obj.files.all %}
         <table class="lfs-manage-table half">
                 </th>
                 <th class="middle right-padding">
                     {% trans 'Creation date' %}
-                </th>                
+                </th>
             </tr>
             {% for file in obj.files.all %}
                 <tr>
                     </td>
                     <td class="right">
                         {{ file.creation_date|date:"Y-m-d H:i:s" }}
-                    </td>                    
+                    </td>
                 </tr>
             {% endfor %}
         </table>

File lfc/templates/lfc/manage/portal_images.html

         <form id="object-images-update-form"
               action="{% url lfc_update_portal_images %}"
               method="post">
-
+            {% csrf_token %}
             <table class="lfs-manage-table">
                 <tr>
                     <th class="tiny">
               action="{% url lfc_add_portal_images %}"
               method="post"
               enctype="multipart/form-data">
+              {% csrf_token %}
               <input class="button" type="file" name="file" multiple />
         </form>
     </div>

File lfc/templates/lfc/manage/templates.html

 {% if display %}
     <form action="{% url lfc_set_template %}"
           method="post">
+        {% csrf_token %}
         <select name="template_id">
             {% for template in templates %}
                 <option {% ifequal template.id current_template  %}selected="selected"{% endifequal %}value="{{ template.id }}">
                     {% trans template.name %}
                 </option>
-            {% endfor %}    
-        </select>   
-    
+            {% endfor %}
+        </select>
+
         <input type="hidden" name="obj_id" value="{{ obj_id }}" />
-        <input type="submit" value="{% trans 'Go!' %}" /> 
+        <input type="submit" value="{% trans 'Go!' %}" />
     </form>
 {% else %}
     &nbsp;