templates: Add CSRF (cross-site request forgery) values to form posts

[patchwork] / templates / patchwork / patch.html

diff --git a/templates/patchwork/patch.html b/templates/patchwork/patch.html
index 7c249ecb2c623ce34ef0bf3b166729b85f41299d..c716a3341f5a0e75368bd8eff36038ef9c8fdea1 100644 (file)
--- a/templates/patchwork/patch.html
+++ b/templates/patchwork/patch.html
@@ -87,6 +87,7 @@ function toggle_headers(link_id, headers_id)
  <div class="patchform patchform-properties">
   <h3>Patch Properties</h3>
    <form method="post">
+    {% csrf_token %}
     <table class="form">
      <tr>
       <th>Change state:</th>
@@ -130,6 +131,7 @@ function toggle_headers(link_id, headers_id)
      <td>
       <form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
        method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="act"/>
        <input type="submit" value="Ack"/>
       </form>
@@ -143,6 +145,7 @@ function toggle_headers(link_id, headers_id)
        <dd class="errors">{{createbundleform.non_field_errors}}</dd>
        {% endif %}
       <form method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="createbundle"/>
        {% if createbundleform.name.errors %}
        <dd class="errors">{{createbundleform.name.errors}}</dd>
@@ -157,6 +160,7 @@ function toggle_headers(link_id, headers_id)
      <td>Add to bundle:</td>
      <td>
       <form method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="addtobundle"/>
        <select name="bundle_id"/>
         {% for bundle in bundles %}
@@ -183,6 +187,7 @@ function toggle_headers(link_id, headers_id)
      <td>
       <form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
        method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="act"/>
        <input type="submit" value="Ack"/>
       </form>