Adding @csrf tokens to all forms using post method.

rouilj · rouilj · commit aab957699ca5 · 2017-09-24T21:17:51.000-04:00
diff --git a/website/issues/html/file.item.html b/website/issues/html/file.item.html
@@ -66,6 +66,8 @@
        tal:attributes="action context/designator"
        tal:condition="python:request.user.hasPermission('SB: May Classify')">
  
+       <input name="@csrf" type="hidden"
+	      tal:attributes="value python:utils.anti_csrf_nonce()">
       <input type="hidden" name="@action" value="spambayes_classify">
       <input type="submit" name="trainspam" value="Mark as SPAM" i18n:attributes="value">
       <input type="submit" name="trainham" value="Mark as HAM (not SPAM)" i18n:attributes="value">
diff --git a/website/issues/html/msg.item.html b/website/issues/html/msg.item.html
@@ -76,6 +76,8 @@
       <input type="hidden" name="@action" value="spambayes_classify">
       <input type="submit" name="trainspam" value="Mark as SPAM" i18n:attributes="value">
       <input type="submit" name="trainham" value="Mark as HAM (not SPAM)" i18n:attributes="value">
+      <input name="@csrf" type="hidden"
+	     tal:attributes="value python:utils.anti_csrf_nonce()">
      </form>
    </th>
 
diff --git a/website/issues/html/user.forgotten.html b/website/issues/html/user.forgotten.html
@@ -29,6 +29,8 @@
           <input type="hidden" name="@template" value="forgotten">
           <input type="submit" value="Request password reset"
            i18n:attributes="value">
+	  <input name="@csrf" type="hidden"
+		 tal:attributes="value python:utils.anti_csrf_nonce()">
         </td>
       </tr>
 </table>
@@ -44,6 +46,8 @@
  <tr><td></td><td><input type="submit" value="Request password reset"
    i18n:attributes="value"></td></tr>
 </table>
+<input name="@csrf" type="hidden"
+       tal:attributes="value python:utils.anti_csrf_nonce()">
 </form>
 
 <p i18n:translate="">A confirmation email will be sent to you -
diff --git a/website/issues/html/user.index.html b/website/issues/html/user.index.html
@@ -68,6 +68,8 @@
       <input type="hidden" name="@template" value="index">
       <input type="hidden" name="@action" value="retire">
       <input type="submit" value="retire" i18n:attributes="value">
+      <input name="@csrf" type="hidden"
+	     tal:attributes="value python:utils.anti_csrf_nonce()">
      </form>
  </td>
 </tr>
diff --git a/website/issues/html/user.register.html b/website/issues/html/user.register.html
@@ -68,6 +68,8 @@
    <input type="hidden" name="@required" value="username,password,address">
    <input type="hidden" name="@action" value="register">
    <input type="submit" name="submit" value="Register" i18n:attributes="value">
+   <input name="@csrf" type="hidden"
+	  tal:attributes="value python:utils.anti_csrf_nonce()">
   </td>
  </tr>
 </table>
