File tree Expand file tree Collapse file tree 7 files changed +20
-1
lines changed
share/roundup/templates/classic/html Expand file tree Collapse file tree 7 files changed +20
-1
lines changed Original file line number Diff line number Diff line change 4747 tal:attributes ="action context/designator ">
4848< textarea rows ="15 " style ="width:90% " name ="rows " tal:content ="context/csv "> </ textarea >
4949< br >
50+ < input name ="@csrf " type ="hidden "
51+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
5052< input type ="hidden " name ="@action " value ="editCSV ">
5153< input type ="submit " value ="Edit Items " i18n:attributes ="value ">
5254</ form >
Original file line number Diff line number Diff line change 154154 < form style ="padding:0 " method ="POST " tal:condition ="context/is_edit_ok "
155155 tal:attributes ="action string:issue${context/id} ">
156156 < input type ="hidden " name ="@remove@files " tal:attributes ="value file/id ">
157+ < input name ="@csrf " type ="hidden "
158+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
157159 < input type ="hidden " name ="@action " value ="edit ">
158160 < input type ="submit " value ="remove " i18n:attributes ="value ">
159161 </ form >
175177 < form style ="padding:0 " method ="POST " tal:condition ="context/is_edit_ok "
176178 tal:attributes ="action string:issue${context/id} ">
177179 < input type ="hidden " name ="@remove@messages " tal:attributes ="value msg/id ">
180+ < input name ="@csrf " type ="hidden "
181+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
178182 < input type ="hidden " name ="@action " value ="edit ">
179183 < input type ="submit " value ="remove " i18n:attributes ="value ">
180184 </ form >
Original file line number Diff line number Diff line change @@ -94,6 +94,8 @@ <h2><span metal:define-slot="body_title">body title</span></h2>
9494 i18n:attributes ="value "> < input class ="form-small " size ="4 "
9595 type ="text " name ="@number ">
9696 < input type ="hidden " name ="@type " value ="issue ">
97+ < input name ="@csrf " type ="hidden "
98+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
9799 < input type ="hidden " name ="@action " value ="show ">
98100 </ p >
99101 </ form >
@@ -132,6 +134,8 @@ <h2><span metal:define-slot="body_title">body title</span></h2>
132134 < input type ="hidden " name ="@action " value ="Login ">
133135 < input type ="checkbox " name ="remember " id ="remember ">
134136 < label for ="remember " i18n:translate =""> Remember me?</ label > < br >
137+ < input name ="@csrf " type ="hidden "
138+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
135139 < input type ="submit " value ="Login " i18n:attributes ="value "> < br >
136140 < input type ="hidden " name ="__came_from "
137141 tal:condition ="exists:request/env/QUERY_STRING "
Original file line number Diff line number Diff line change 157157</ tr >
158158</ tal:block >
159159< tr > < td colspan ="5 ">
160+ < input name ="@csrf " type ="hidden "
161+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
160162 < input type ="hidden " name ="@action " value ="edit ">
161163 < input type ="hidden " name ="@template " value ="edit ">
162164 < input type ="submit " value ="Save Selection " i18n:attributes ="value ">
Original file line number Diff line number Diff line change 1919 < tr >
2020 < td > </ td >
2121 < td >
22+ < input name ="@csrf " type ="hidden "
23+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
2224 < input type ="hidden " name ="@action " value ="passrst ">
2325 < input type ="hidden " name ="@template " value ="forgotten ">
2426 < input type ="submit " value ="Request password reset "
Original file line number Diff line number Diff line change 3737 < form style ="padding:0 " method ="POST "
3838 tal:attributes ="action string:user${user/id} ">
3939 < input type ="hidden " name ="@template " value ="index ">
40+ < input name ="@csrf " type ="hidden "
41+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
4042 < input type ="hidden " name ="@action " value ="retire ">
4143 < input type ="submit " value ="retire " i18n:attributes ="value ">
4244 </ form >
Original file line number Diff line number Diff line change 5858 < td > </ td >
5959 < td >
6060 < input type ="hidden " name ="@template " value ="register ">
61- < input type ="hidden " name ="@required " value ="username,password,address ">
61+ < input type ="hidden " name ="@required "
62+ value ="username,password,address ">
63+ < input name ="@csrf " type ="hidden "
64+ tal:attributes ="value python:utils.anti_csrf_nonce() ">
6265 < input type ="hidden " name ="@action " value ="register ">
6366 < input type ="submit " name ="submit " value ="Register " i18n:attributes ="value ">
6467 </ td >
You can’t perform that action at this time.
0 commit comments