Commit cbfd1dee authored by Richard Wackerbarth

Add csrf tokens -- Bug #996658

parent 56317150
......@@ -4,7 +4,7 @@
{% block main %}
<h1>{% trans 'Confirm' %}</h1>
<p>{% trans "Are you sure?" %}</p>
<form action="{{submit_url}}" method="post">
<form action="{{submit_url}}" method="post"> {% csrf_token %}
<button class="btn btn-danger" type="submit">{% trans "OK" %}</button>
<a class="btn" href="{{cancel_url}}">{% trans "Cancel" %}</a>
</form>
......
......@@ -4,7 +4,7 @@
{% block main %}
{% include 'postorius/menu/settings_nav.html' %}
<h1>{% trans "Add a new Domain" %}</h1>
<form action="{% url domain_new %}" method="post" class="well">
<form action="{% url domain_new %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<div class="field">
<button class="btn btn-success" type="submit">{% trans "Create Domain" %}</button>
......
......@@ -6,7 +6,7 @@
{% include 'postorius/menu/list_nav.html' %}
{% endif %}
<h1>{% trans "Mass Subscribe" %} <span>- {{list.fqdn_listname}}</span></h1>
<form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well">
<form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">{% trans "Subscribe users" %}</button>
</form>
......
......@@ -3,7 +3,7 @@
{% block main %}
<h1>{% trans "Create a new List" %} {{ block.super }}</h1>
<form action="{% url list_new %}" method="post" class="well">
<form action="{% url list_new %}" method="post" class="well"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-success" type="submit">{% trans "Create List" %}</button>
</form>
......
......@@ -12,7 +12,7 @@
</ul>
{% if visible_section %}
<form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings">
<form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings"> {% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">{%trans "Save changes" %}</button>
</form>
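Review bot: The `<form>` tag on the changed line carries two `class` attributes, `class="well"` and `class="list_settings"`. HTML parsers keep the first and ignore the duplicate, so `list_settings` is never applied to the element. Since the line is being edited anyway, merge them into `class="well list_settings"`.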
......
......@@ -3,7 +3,7 @@
{% block main %}
<h1>{% trans 'Subscribe' %} <span>{{ list.fqdn_listname}}</span></h1>
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
{{form.as_p}}
<input class="btn btn-primary" type="submit" value="{% trans 'Subscribe' %}" />
</form>
......
......@@ -4,7 +4,7 @@
{% block main %}
{{list.list_name}} <span>{{list.display_name}}</span>
{% if form_subscribe %}
<form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe">
<form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe"> {% csrf_token %}
{{ form_subscribe.as_div }}
<div class="field">
<button type="submit">{% trans "Subscribe" %}</button>
......@@ -13,7 +13,7 @@
</form>
{% endif %}
{% if form_unsubscribe %}
<form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe">
<form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe"> {% csrf_token %}
{{ form_unsubscribe.as_div }}
<div class="field">
<button type="submit">{% trans "Unsubscribe" %}</button>
......
......@@ -15,7 +15,7 @@
<h2>{% trans 'Membership' %}</h2>
{% if user.is_authenticated %}
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
<form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
{{subscribe_form.as_p}}
<input class="btn btn-success" type="submit" value="{% trans 'Subscribe' %}" />
<a href="{% url list_unsubscribe list.fqdn_listname user.email %}" class="btn btn-danger">Unsubscribe</a>
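Review bot: The Unsubscribe control on the last line of this hunk is still a plain link to `list_unsubscribe`, so the token added to the subscribe form does not cover it. Django's CSRF middleware only checks unsafe methods, so if that view changes membership on a GET request (the view is not visible here), the action stays reachable from another site without a token. Consider turning it into a small `method="post"` form with its own `{% csrf_token %}` and a `<button class="btn btn-danger" type="submit">`, and have the view accept POST only. The enclosing form and the `{% if user.is_authenticated %}` block continue past the end of the hunk.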
......
......@@ -5,7 +5,7 @@
<h2>Login with username and password</h2>
<form action="" method="post" class="login mm_clear">
<form action="" method="post" class="login mm_clear"> {% csrf_token %}
{{ form.as_p }}
<div class="field">
<button class="btn btn-primary" type="submit">{% trans "Login" %}</button>
......@@ -17,7 +17,7 @@
<!--
<h2>Login using OpenID</h2>
<form method="post" action="{% url socialauth_begin 'openid' %}">
<form method="post" action="{% url socialauth_begin 'openid' %}"> {% csrf_token %}
OpenID URL: <input type="text" name="openid_identifier" />
<input type="submit" value="Login using OpenID" />
</form>
......@@ -27,7 +27,7 @@
<h2>Login using BrowserID</h2>
<form method="post" action="{% url socialauth_complete "browserid" %}">
<form method="post" action="{% url socialauth_complete "browserid" %}"> {% csrf_token %}
<input type="hidden" name="assertion" value="" />
<a rel="nofollow" id="browserid" href="#"><img src="{{ STATIC_URL }}postorius/default/img/sign_in_blue.png" alt="Login using BrowserID" /></a>
</form>
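Review bot: The OpenID form in the second hunk sits after an HTML comment opener (`<!--`), and HTML comments do not stop Django from rendering the tags inside them. The added `{% csrf_token %}` and the `{% url socialauth_begin 'openid' %}` tag are therefore still evaluated and written into the page source for markup that is meant to be disabled. Where the comment closes is not visible, so the BrowserID form may be affected in the same way. If these forms are intentionally switched off, wrap them in `{% comment %}` … `{% endcomment %}` instead, so that nothing is rendered and no URL has to resolve.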
......
......@@ -55,7 +55,7 @@ src="http://code.jquery.com/jquery-latest.js"></script>
<h2>List Preferences Overview</h2>
<p><em class="errorlist">Sample output: not real</em></p>
<input id="btnHide" type="button" value="{% trans "Hide Descriptions" %}"/>
<form action="#">
<form action="#"> {% csrf_token %}
<table class="table table-bordered table-striped">
<tr>
<th>{% trans "Setting" %}</th>
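Review bot: `<form action="#">` has no `method`, so it submits as GET, and the added `{% csrf_token %}` hidden field would be appended to the URL as `csrfmiddlewaretoken=…`. That exposes the token through browser history, server logs and Referer headers, and it protects nothing because GET requests are not CSRF-checked. Either drop the token from this sample form or, if it is meant to save settings, make it `<form action="#" method="post">`. Separately, the hunk header context shows jQuery loaded from `http://code.jquery.com/jquery-latest.js`: an unpinned script over plain HTTP, best replaced with a pinned `https:` URL carrying an `integrity` attribute.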
......
......@@ -18,7 +18,7 @@
</div>
<p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscirbed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
{% if form %}
<form action="" method="post" class="user" name="user">
<form action="" method="post" class="user" name="user"> {% csrf_token %}
<ul class="">
{{ form.as_div }}
<li class="field">
......