Commit c37b840f authored by Florian Fuchs's avatar Florian Fuchs

- missing csrf tokens in templates contributed by Richard Wackerbarth (LP: 996658)

- added csrf middleware to dev_setup settings
parents 56317150 3a28c766
......@@ -25,6 +25,7 @@ along with Postorius. If not, see <http://www.gnu.org/licenses/>.
(2012-XX-XX)
* dev setup fix for Django 1.4 contributed by Rohan Jain
* missing csrf tokens in templates contributed by Richard Wackerbarth (LP: 996658)
1.0 alpha 1 -- "Space Farm"
......
......@@ -116,6 +116,7 @@ TEMPLATE_CONTEXT_PROCESSORS = (
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
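Review bot: The `'django.middleware.csrf.CsrfViewMiddleware'` entry is added only to the dev_setup settings, while the templates in this commit emit `{% csrf_token %}` whichever settings module is active. The tag only renders the hidden field; the middleware is what rejects a POST without a valid token, so a deployment whose settings lack this entry would show tokens that are never checked. I would add a comment above the entry, for example `# Enforces the {% csrf_token %} fields in the templates; must be present in every settings module`, and mirror the line in any other settings file the project ships (none is visible on this page). The MIDDLEWARE_CLASSES tuple continues past the end of the hunk.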
......
......@@ -25,6 +25,7 @@ along with postorius. If not, see <http://www.gnu.org/licenses/>.
(2012-XX-XX)
* dev setup fix for Django 1.4 contributed by Rohan Jain
* missing csrf tokens in templates contributed by Richard Wackerbarth (LP: 996658)
1.0 alpha 1 -- "Space Farm"
......
......@@ -4,7 +4,7 @@
{% block main %}
<h1>{% trans 'Confirm' %}</h1>
<p>{% trans "Are you sure?" %}</p>
<form action="{{submit_url}}" method="post">
<form action="{{submit_url}}" method="post"> {% csrf_token %}
<button class="btn btn-danger" type="submit">{% trans "OK" %}</button>
<a class="btn" href="{{cancel_url}}">{% trans "Cancel" %}</a>
</form>
......
......@@ -4,7 +4,7 @@
{% block main %}
{% include 'postorius/menu/settings_nav.html' %}
<h1>{% trans "Add a new Domain" %}</h1>
<form action="{% url domain_new %}" method="post" class="well">
<form action="{% url domain_new %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<div class="field">
<button class="btn btn-success" type="submit">{% trans "Create Domain" %}</button>
......
......@@ -6,7 +6,7 @@
{% include 'postorius/menu/list_nav.html' %}
{% endif %}
<h1>{% trans "Mass Subscribe" %} <span>- {{list.fqdn_listname}}</span></h1>
<form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well">
<form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">{% trans "Subscribe users" %}</button>
</form>
......
......@@ -3,7 +3,7 @@
{% block main %}
<h1>{% trans "Create a new List" %} {{ block.super }}</h1>
<form action="{% url list_new %}" method="post" class="well">
<form action="{% url list_new %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-success" type="submit">{% trans "Create List" %}</button>
</form>
......
......@@ -12,7 +12,7 @@
</ul>
{% if visible_section %}
<form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings">
<form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">{%trans "Save changes" %}</button>
</form>
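Review bot: The rewritten `<form>` tag still carries two `class` attributes, `class="well"` at the start and `class="list_settings"` before the token. An HTML parser keeps the first and discards the duplicate, so `list_settings` is never applied to the element. Since this line is being touched anyway, merge them into a single `class="well list_settings"`.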
......
......@@ -3,7 +3,7 @@
{% block main %}
<h1>{% trans 'Subscribe' %} <span>{{ list.fqdn_listname}}</span></h1>
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
{{form.as_p}}
<input class="btn btn-primary" type="submit" value="{% trans 'Subscribe' %}" />
</form>
......
......@@ -4,7 +4,7 @@
{% block main %}
{{list.list_name}} <span>{{list.display_name}}</span>
{% if form_subscribe %}
<form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe">
<form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe"> {% csrf_token %}
{{ form_subscribe.as_div }}
<div class="field">
<button type="submit">{% trans "Subscribe" %}</button>
......@@ -13,7 +13,7 @@
</form>
{% endif %}
{% if form_unsubscribe %}
<form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe">
<form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe"> {% csrf_token %}
{{ form_unsubscribe.as_div }}
<div class="field">
<button type="submit">{% trans "Unsubscribe" %}</button>
......
......@@ -15,7 +15,7 @@
<h2>{% trans 'Membership' %}</h2>
{% if user.is_authenticated %}
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
{{subscribe_form.as_p}}
<input class="btn btn-success" type="submit" value="{% trans 'Subscribe' %}" />
<a href="{% url list_unsubscribe list.fqdn_listname user.email %}" class="btn btn-danger">Unsubscribe</a>
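Review bot: The subscribe form is now covered by the token, but the Unsubscribe control directly below it is still a plain link, `<a href="{% url list_unsubscribe list.fqdn_listname user.email %}" ...>`, and the CSRF middleware does not check GET requests. If the `list_unsubscribe` view changes the membership on GET (the view is not visible here, so this is to be confirmed), any page that gets the browser to load that URL can unsubscribe a logged-in user. Making it a small POST form, `<form action="{% url list_unsubscribe list.fqdn_listname user.email %}" method="post"> {% csrf_token %}` with a submit button, would bring it under the same protection. The enclosing form continues outside the hunk.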
......
......@@ -5,7 +5,7 @@
<h2>Login with username and password</h2>
<form action="" method="post" class="login mm_clear">
<form action="" method="post" class="login mm_clear"> {% csrf_token %}
{{ form.as_p }}
<div class="field">
<button class="btn btn-primary" type="submit">{% trans "Login" %}</button>
......@@ -17,7 +17,7 @@
<!--
<h2>Login using OpenID</h2>
<form method="post" action="{% url socialauth_begin 'openid' %}">
<form method="post" action="{% url socialauth_begin 'openid' %}"> {% csrf_token %}
OpenID URL: <input type="text" name="openid_identifier" />
<input type="submit" value="Login using OpenID" />
</form>
......@@ -27,7 +27,7 @@
<h2>Login using BrowserID</h2>
<form method="post" action="{% url socialauth_complete "browserid" %}">
<form method="post" action="{% url socialauth_complete "browserid" %}"> {% csrf_token %}
<input type="hidden" name="assertion" value="" />
<a rel="nofollow" id="browserid" href="#"><img src="{{ STATIC_URL }}postorius/default/img/sign_in_blue.png" alt="Login using BrowserID" /></a>
</form>
......@@ -36,7 +36,7 @@
{% block additionaljs %}
<!-- Include BrowserID JavaScript -->
<script src="https://browserid.org/include.js" type="text/javascript"></script>
<!-- Setup click handler that retieves BrowserID assertion code and sends
<!-- Setup click handler that receives BrowserID assertion code and sends
POST data -->
<script type="text/javascript">
$(function () {
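Review bot: The OpenID form that receives `{% csrf_token %}` sits after an opening `<!--`, and Django evaluates template tags inside HTML comments, so the hidden token field is written into commented-out markup in the served page. The same token is already in the live login form, so this is hygiene rather than a new exposure, but dead markup should not carry security fields. Wrapping the disabled block in `{% comment %}` … `{% endcomment %}` instead of `<!-- -->` keeps it out of the response entirely. Whether the BrowserID form in the next hunk is inside the same comment cannot be seen from here. The script block at the end of the section continues outside the hunk.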
......
......@@ -68,9 +68,9 @@
{% trans "advertised" %} Link:TODO
</a>
</li>
<li {% if selected == "anonymus_list" %}id="selected"{% endif %}>
<li {% if selected == "anonymous_list" %}id="selected"{% endif %}>
<a href="{% comment %}{% url ... %}{% endcomment %}">
{% trans "anonymus_list" %} Link:TODO
{% trans "anonymous_list" %} Link:TODO
</a>
</li>
</ul></div>
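Review bot: Correcting the literal in `{% if selected == "anonymous_list" %}` changes a lookup key, not just display text. Whatever sets `selected` in the view or parent template must now pass the corrected spelling, and no such change is visible in this commit. If the caller still sends `anonymus_list`, the entry silently stops being highlighted. The same applies to `auto_responder`, `filter_recipient` and `join_address` in the menu templates that follow. A one-line template comment next to each key naming where `selected` is set would make the coupling visible.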
......
......@@ -9,7 +9,7 @@
{% trans "Archive" %} #TODO link
</a>
</li>
<li {% if selected == "auto_resonder" %}id="selected"{% endif %}>
<li {% if selected == "auto_responder" %}id="selected"{% endif %}>
<a href="{% url list_settings fqdn_listname=fqdn_listname visible_section='Automatic Responses' visible_option=None %}">
{% trans "Auto Responder" %}
</a>
......@@ -52,9 +52,9 @@
{% trans "Message" %} Link:TODO
</a>
</li>
<li {% if selected == "filter_receipent" %}id="selected"{% endif %}>
<li {% if selected == "filter_recipient" %}id="selected"{% endif %}>
<a href="{% comment %}{% url ... %}{% endcomment %}">
{% trans "Receipent" %} Link:TODO
{% trans "Recipient" %} Link:TODO
</a>
</li>
<li {% if selected == "filter_spam" %}id="selected"{% endif %}>
......
......@@ -14,14 +14,14 @@
{% trans "Subscribe" %}
</a>
<div><ul class="menu">
<li{% if selected == "join_adress" %}id="selected"{% endif %}>
<li{% if selected == "join_address" %}id="selected"{% endif %}>
<a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
{% trans "Join Adress" %} Link:TODO
{% trans "Join Address" %} Link:TODO
</a>
</li>
<li{% if selected == "owner_adress" %}id="selected"{% endif %}>
<a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
{% trans "Owner Adress" %} Link:TODO
{% trans "Owner Address" %} Link:TODO
</a>
</li>
<li{% if selected == "mass_subscribe" %}id="selected"{% endif %}>
......@@ -38,7 +38,7 @@
<div><ul class="menu">
<li{% if selected == "leave_adress" %}id="selected"{% endif %}>
<a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
{% trans "Leave Adress" %} Link:TODO
{% trans "Leave Address" %} Link:TODO
</a>
</li>
</ul></div>
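Review bot: Every `<li{% if selected == ... %}id="selected"{% endif %}>` in this template lacks a space after `li`, so the selected item renders as `<liid="selected">`, which is not a list item. The changed line should read `<li {% if selected == "join_address" %}id="selected"{% endif %}>`, and the `owner_adress`, `mass_subscribe` and `leave_adress` lines need the same space. The commit also corrects the `join_address` key and the visible labels but leaves the keys `owner_adress` and `leave_adress` misspelled, so the naming is now inconsistent within one menu.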
......
......@@ -55,7 +55,7 @@ src="http://code.jquery.com/jquery-latest.js"></script>
<h2>List Preferences Overview</h2>
<p><em class="errorlist">Sample output: not real</em></p>
<input id="btnHide" type="button" value="{% trans "Hide Descriptions" %}"/>
<form action="#">
<form action="#"> {% csrf_token %}
<table class="table table-bordered table-striped">
<tr>
<th>{% trans "Setting" %}</th>
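Review bot: This `<form action="#">` has no `method`, so it submits as GET and the new hidden field puts `csrfmiddlewaretoken` in the query string, where it reaches browser history, server logs and Referer headers. Either make it `<form action="#" method="post"> {% csrf_token %}` or drop the token from this form. The page is marked as sample output, so dropping it may be the simpler choice. Separately, the hunk header shows this template loading `http://code.jquery.com/jquery-latest.js` over plain HTTP; a script that can be altered in transit can read the token from the DOM, so an `https:` URL with a pinned version would be safer. The form and table continue outside the hunk.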
......
......@@ -16,9 +16,9 @@
<div class="mm_boxHeader">
{% trans "Content" %}
</div>
<p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscirbed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
<p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscribed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
{% if form %}
<form action="" method="post" class="user" name="user">
<form action="" method="post" class="user" name="user"> {% csrf_token %}
<ul class="">
{{ form.as_div }}
<li class="field">
......