templates: Add CSRF (cross-site request forgery) values to form posts

[patchwork] / templates / patchwork / patch-form.html

diff --git a/templates/patchwork/patch-form.html b/templates/patchwork/patch-form.html
index 9d2c9549e9c58d1cbc968a7e1af38bb1d5f5a901..aae673a60c73caf64a3fa103faa782a0574612dc 100644 (file)
--- a/templates/patchwork/patch-form.html
+++ b/templates/patchwork/patch-form.html
@@ -32,6 +32,7 @@
      <td>
       <form action="{% url patchwork.views.patch patch=patch.id %}"
        method="post">
      <td>
       <form action="{% url patchwork.views.patch patch=patch.id %}"
        method="post">

+       {% csrf_token %}

        <input type="hidden" name="action" value="act"/>
        <input type="submit" value="Ack"/>
       </form>
        <input type="hidden" name="action" value="act"/>
        <input type="submit" value="Ack"/>
       </form>


@@ -44,6 +45,7 @@
        <span class="errors">{{createbundleform.errors}}</span>
        {% endif %}
       <form method="post">
        <span class="errors">{{createbundleform.errors}}</span>
        {% endif %}
       <form method="post">

+       {% csrf_token %}

        <input type="hidden" name="action" value="createbundle"/>
         {{ createbundleform.name }}
        <input value="Create" type="submit"/>
        <input type="hidden" name="action" value="createbundle"/>
         {{ createbundleform.name }}
        <input value="Create" type="submit"/>


@@ -55,6 +57,7 @@
      <td>Add to bundle:</td>
      <td>
       <form action="{% url patchwork.views.bundle.setbundle %}" method="post">
      <td>Add to bundle:</td>
      <td>
       <form action="{% url patchwork.views.bundle.setbundle %}" method="post">

+       {% csrf_token %}

        <input type="hidden" name="action" value="add"/>
        <input type="hidden" name="patch_id" value="{{ patch.id }}"/>
        <select name="name"/>
        <input type="hidden" name="action" value="add"/>
        <input type="hidden" name="patch_id" value="{{ patch.id }}"/>
        <select name="name"/>


@@ -71,6 +74,7 @@
      <td>Archive:</td>
      <td>
       <form method="post">
      <td>Archive:</td>
      <td>
       <form method="post">

+       {% csrf_token %}

        <input type="hidden" name="action" value="archive"/>
        <input type="submit" value="Archive"/>
       </form>
        <input type="hidden" name="action" value="archive"/>
        <input type="submit" value="Archive"/>
       </form>