templates: Add CSRF (cross-site request forgery) values to form posts
authorJohn 'Warthog9' Hawley <warthog9@kernel.org>
Thu, 24 Jun 2010 16:38:06 +0000 (09:38 -0700)
committerJeremy Kerr <jk@ozlabs.org>
Tue, 10 Aug 2010 03:57:56 +0000 (11:57 +0800)
This is a fairly simple patch, basically it does what the error message
told me to do:
"add In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL."

Signed-off-by: John 'Warthog9' Hawley <warthog9@kernel.org>
templates/patchwork/bundle.html
templates/patchwork/bundles.html
templates/patchwork/patch-form.html
templates/patchwork/patch-list.html
templates/patchwork/patch.html
templates/patchwork/patchlist.html
templates/patchwork/profile.html
templates/patchwork/user-link.html
templates/registration/login.html
templates/registration/registration_form.html

index 616a62ee93551c30b2ae13eaeb2b2814b4e57dae..a2933d5ff258ea9687c1edeff4f4b3e790086646 100644 (file)
@@ -26,6 +26,7 @@ project.</p>
 
 
 <form method="post">
+ {% csrf_token %}
  <input type="hidden" name="form" value="bundle"/>
 <table class="form">
 
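Review bot: The `{% csrf_token %}` added after `<form method="post">` only emits the hidden token input when the rendering view supplies the token in the template context, which in Django means rendering with `RequestContext` or passing it explicitly, and the check is only enforced when `CsrfViewMiddleware` is enabled. This commit touches templates only, so neither is visible here; a view that renders one of these templates with a plain context would output nothing for the tag, and the POST would then be rejected or, with the middleware off, stay unprotected. The same applies to every other hunk in this commit. A test that posts each form without a token and expects a 403 would pin the behaviour, and a template comment such as `{# needs RequestContext in the view, otherwise no token is rendered #}` would record the dependency.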
index 95029c16e8ccd7de306ef96a447ccf757301150f..5340a6430b132c943cc9dcb4425d76324c51f845 100644 (file)
@@ -33,6 +33,7 @@
   <td style="text-align: center;">
    <form method="post"
     onsubmit="return confirm_delete('bundle', '{{bundle.name|escapejs}}');">
+    {% csrf_token %}
     {{ bundle.delete_form.as_p }}
     <input type="image"
      src="/images/16-em-cross.png" width="16" height="16" alt="delete"
index 9d2c9549e9c58d1cbc968a7e1af38bb1d5f5a901..aae673a60c73caf64a3fa103faa782a0574612dc 100644 (file)
@@ -32,6 +32,7 @@
      <td>
       <form action="{% url patchwork.views.patch patch=patch.id %}"
        method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="act"/>
        <input type="submit" value="Ack"/>
       </form>
@@ -44,6 +45,7 @@
        <span class="errors">{{createbundleform.errors}}</span>
        {% endif %}
       <form method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="createbundle"/>
         {{ createbundleform.name }}
        <input value="Create" type="submit"/>
@@ -55,6 +57,7 @@
      <td>Add to bundle:</td>
      <td>
       <form action="{% url patchwork.views.bundle.setbundle %}" method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="add"/>
        <input type="hidden" name="patch_id" value="{{ patch.id }}"/>
        <select name="name"/>
@@ -71,6 +74,7 @@
      <td>Archive:</td>
      <td>
       <form method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="archive"/>
        <input type="submit" value="Archive"/>
       </form>
index bc9abe943e62364bd1a5fbcea698e9e52c79467b..fe4d6060e4cd5a16670ace0e06df834db810cae1 100644 (file)
@@ -12,6 +12,7 @@
  {% if order.editable %}
   <td class="patchlistreorder">
    <form method="post" id="reorderform">
+    {% csrf_token %}
     <input type="hidden" name="form" value="reorderform"/>
     <input type="hidden" name="order_start" value="0"/>
     <span id="reorderhelp"></span>
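Review bot: The token added to `reorderform` reaches the server only if the form element itself is submitted; the `id` and the empty `reorderhelp` span suggest the reordering is driven by script, which is not part of this diff. If that script builds its own request instead of submitting the form, it has to send the `csrfmiddlewaretoken` field as well, or reordering will start failing with a 403. A comment next to the tag would record this, e.g. `{# the reorder script must submit this form so the token is included #}`. The form continues past the end of the hunk.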
@@ -33,6 +34,7 @@
 {% endif %}
 
 <form method="post">
+{% csrf_token %}
 <input type="hidden" name="form" value="patchlistform"/>
 <input type="hidden" name="project" value="{{project.id}}"/>
 <table class="patchlist" id="patchlist">
index 7c249ecb2c623ce34ef0bf3b166729b85f41299d..c716a3341f5a0e75368bd8eff36038ef9c8fdea1 100644 (file)
@@ -87,6 +87,7 @@ function toggle_headers(link_id, headers_id)
  <div class="patchform patchform-properties">
   <h3>Patch Properties</h3>
    <form method="post">
+    {% csrf_token %}
     <table class="form">
      <tr>
       <th>Change state:</th>
@@ -130,6 +131,7 @@ function toggle_headers(link_id, headers_id)
      <td>
       <form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
        method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="act"/>
        <input type="submit" value="Ack"/>
       </form>
@@ -143,6 +145,7 @@ function toggle_headers(link_id, headers_id)
        <dd class="errors">{{createbundleform.non_field_errors}}</dd>
        {% endif %}
       <form method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="createbundle"/>
        {% if createbundleform.name.errors %}
        <dd class="errors">{{createbundleform.name.errors}}</dd>
@@ -157,6 +160,7 @@ function toggle_headers(link_id, headers_id)
      <td>Add to bundle:</td>
      <td>
       <form method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="addtobundle"/>
        <select name="bundle_id"/>
         {% for bundle in bundles %}
@@ -183,6 +187,7 @@ function toggle_headers(link_id, headers_id)
      <td>
       <form action="{% url patchwork.views.patch.patch patch_id=patch.id %}"
        method="post">
+       {% csrf_token %}
        <input type="hidden" name="action" value="act"/>
        <input type="submit" value="Ack"/>
       </form>
index 1bcd2c1c129e58374b108f4e5782d318643abafb..d6709cd11c7e3b2f99a6eca1bf96c304ea9cca5a 100644 (file)
@@ -3,6 +3,7 @@
 
 {% if patches %}
 <form method="post">
+{% csrf_token %}
 <table class="patchlist">
  <tr>
   {% if patchform %}
index c204183ab923fc1084674b9e54333e1e5da5cf9f..e2d0b9039bfdbd98927880b6914fa8a4bfa87187 100644 (file)
@@ -59,6 +59,7 @@ address.</p>
    {% ifnotequal user.email email.email %}
    <form action="{% url patchwork.views.user.unlink person_id=email.id %}"
     method="post">
+    {% csrf_token %}
     <input type="submit" value="Unlink"/>
    </form>
     {% endifnotequal %}
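Review bot: The token on the Unlink form stops a forged cross-site submission, but it does not decide which address may be unlinked: the target is `person_id=email.id` in the form's action URL. The view behind `patchwork.views.user.unlink` is not in this diff, so confirm that it checks the person record belongs to the logged-in user before removing it. A comment above the form, `{# unlink view must verify ownership of person_id; the CSRF token does not cover that #}`, would keep the two concerns apart.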
@@ -68,6 +69,7 @@ address.</p>
  <tr>
   <td colspan="2">
    <form action="{% url patchwork.views.user.link %}" method="post">
+    {% csrf_token %}
     {{ linkform.email }}
     <input type="submit" value="Add"/>
    </form>
@@ -102,6 +104,7 @@ address.</p>
 <h2>Settings</h2>
 
 <form method="post">
+ {% csrf_token %}
  <table class="form">
 {{ profileform }}
   <tr>
index 2ed193efe26ece9dc6378aede1f4516a461982a9..10c8ec275b6628a1c3e9c0d454e6446e7cbc61d4 100644 (file)
@@ -22,6 +22,7 @@ you.</p>
    {% endif %}
 
    <form action="{% url patchwork.views.user.link %}" method="post">
+    {% csrf_token %}
     {{linkform.email.errors}}
     Link an email address: {{ linkform.email }}
    </form>
index eef56a43a8f5dc045e993a5cef5d8d4129454cbe..2dfc2a7bb8498ef843933e45744597c76ddfef05 100644 (file)
@@ -6,6 +6,7 @@
 
 {% block body %}
 <form method="post">
+{% csrf_token %}
 <table class="form loginform">
  <tr>
   <th colspan="2" class="headerrow">login</th>
index 8938e40ce663d52d8c8bf5e36216a41984284e72..e2b17c1aa80a09631695e85bf08eac8d06daea5c 100644 (file)
@@ -20,6 +20,7 @@
  <li>update the state of your own patches</li>
 </ul>
 <form method="post">
+{% csrf_token %}
 <table class="form registerform">
  <tr>
   <th colspan="2" class="headerrow">register</th>