diff options
author | John 'Warthog9' Hawley <warthog9@kernel.org> | 2010-06-24 09:38:06 -0700 |
---|---|---|
committer | Jeremy Kerr <jk@ozlabs.org> | 2010-08-10 11:57:56 +0800 |
commit | 482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23 (patch) | |
tree | 30af42f92bc0143daf7fb17fde0d6e8043ace1ea /templates/patchwork/profile.html | |
parent | 6f02427039f0a80484f99ebd4595e2ecdfc907bb (diff) | |
download | patchwork-482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23.tar.bz2 patchwork-482ba5ac5e2fb71a8ae26ae9d5c5c72c33c35b23.tar.xz |
templates: Add CSRF (cross-site request forgery) values to form posts
This is a fairly simple patch, basically it does what the error message
told me to do:
"add In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL."
Signed-off-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Diffstat (limited to 'templates/patchwork/profile.html')
-rw-r--r-- | templates/patchwork/profile.html | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/patchwork/profile.html b/templates/patchwork/profile.html index c204183..e2d0b90 100644 --- a/templates/patchwork/profile.html +++ b/templates/patchwork/profile.html @@ -59,6 +59,7 @@ address.</p> {% ifnotequal user.email email.email %} <form action="{% url patchwork.views.user.unlink person_id=email.id %}" method="post"> + {% csrf_token %} <input type="submit" value="Unlink"/> </form> {% endifnotequal %} @@ -68,6 +69,7 @@ address.</p> <tr> <td colspan="2"> <form action="{% url patchwork.views.user.link %}" method="post"> + {% csrf_token %} {{ linkform.email }} <input type="submit" value="Add"/> </form> @@ -102,6 +104,7 @@ address.</p> <h2>Settings</h2> <form method="post"> + {% csrf_token %} <table class="form"> {{ profileform }} <tr> |