diff options
-rw-r--r-- | packages/views.py | 2 | ||||
-rw-r--r-- | settings.py | 1 | ||||
-rw-r--r-- | templates/devel/index.html | 2 | ||||
-rw-r--r-- | templates/devel/profile.html | 2 | ||||
-rw-r--r-- | templates/general_form.html | 2 | ||||
-rw-r--r-- | templates/mirrors/index.html | 2 | ||||
-rw-r--r-- | templates/news/add.html | 2 | ||||
-rw-r--r-- | templates/news/delete.html | 2 | ||||
-rw-r--r-- | templates/packages/details.html | 2 | ||||
-rw-r--r-- | templates/packages/flag.html | 2 | ||||
-rw-r--r-- | templates/packages/search.html | 2 | ||||
-rw-r--r-- | templates/registration/login.html | 2 | ||||
-rw-r--r-- | templates/todolists/todolist_confirm_delete.html | 2 |
13 files changed, 13 insertions, 12 deletions
diff --git a/packages/views.py b/packages/views.py index 6838de0..9053906 100644 --- a/packages/views.py +++ b/packages/views.py @@ -316,7 +316,7 @@ def flag(request, name='', repo='', arch=''): context['form'] = form - return render_to_response('packages/flag.html', context) + return render_to_response('packages/flag.html', RequestContext(request, context)) def download(request, name='', repo='', arch=''): pkg = get_object_or_404(Package, diff --git a/settings.py b/settings.py index 30f594e..6c9a118 100644 --- a/settings.py +++ b/settings.py @@ -46,6 +46,7 @@ TEMPLATE_LOADERS = ( MIDDLEWARE_CLASSES = ( 'main.middleware.UpdateCacheMiddleware', "django.contrib.sessions.middleware.SessionMiddleware", + 'django.middleware.csrf.CsrfViewMiddleware', "django.contrib.auth.middleware.AuthenticationMiddleware", 'django.middleware.http.ConditionalGetMiddleware', "django.middleware.common.CommonMiddleware", diff --git a/templates/devel/index.html b/templates/devel/index.html index 662e824..25429ec 100644 --- a/templates/devel/index.html +++ b/templates/devel/index.html @@ -60,7 +60,7 @@ </tbody> </table> - <form id="dash-pkg-notify" method="post" action="/devel/notify/"> + <form id="dash-pkg-notify" method="post" action="/devel/notify/">{% csrf_token %} <fieldset> <p><input id="notify" name="notify" type="checkbox" value="yes" {% if user.get_profile.notify %} checked="checked"{% endif %} /> diff --git a/templates/devel/profile.html b/templates/devel/profile.html index 178a59a..2c1c658 100644 --- a/templates/devel/profile.html +++ b/templates/devel/profile.html @@ -6,7 +6,7 @@ <h2>Developer Profile</h2> - <form id="edit-profile-form" method="post" action="."> + <form id="edit-profile-form" method="post" action=".">{% csrf_token %} <fieldset> <legend>Username: <strong>{{ user.username }}</strong></legend> {{ form.as_p }} diff --git a/templates/general_form.html b/templates/general_form.html index d499919..93e73ac 100644 --- a/templates/general_form.html +++ b/templates/general_form.html @@ -8,7 +8,7 @@ {% if description %}{{description}}{% endif %} - <form class="general-form" method="post" action="."> + <form class="general-form" method="post" action=".">{% csrf_token %} <fieldset> {% for field in form %} <p><label>{{field.label}}{% if field.help_text %}:</label><br /> diff --git a/templates/mirrors/index.html b/templates/mirrors/index.html index b347a08..55c172d 100644 --- a/templates/mirrors/index.html +++ b/templates/mirrors/index.html @@ -13,7 +13,7 @@ Simply replace the contents of <code>/etc/pacman.d/mirrorlist</code> with the generated code.</p> - <form id="list-generator" method="post" action="."> + <form id="list-generator" method="post" action=".">{% csrf_token %} {{ mirrorlist_form.as_p }} <p><label></label> <input type="submit" value="Generate List" /></p> </form> diff --git a/templates/news/add.html b/templates/news/add.html index 38b5b21..04a5568 100644 --- a/templates/news/add.html +++ b/templates/news/add.html @@ -10,7 +10,7 @@ <h2>News: Add Article</h2> {% endif %} - <form id="newsform" method="post" action="."> + <form id="newsform" method="post" action=".">{% csrf_token %} <fieldset> {{ form.as_p }} </fieldset> diff --git a/templates/news/delete.html b/templates/news/delete.html index 6a2fa1e..3e3ba95 100644 --- a/templates/news/delete.html +++ b/templates/news/delete.html @@ -14,7 +14,7 @@ <p>Are you sure?</p> - <form method="post" action="."> + <form method="post" action=".">{% csrf_token %} <input title="Delete this article" id="delete" name="delete" type="submit" value="Delete" /></p> </form> diff --git a/templates/packages/details.html b/templates/packages/details.html index f60324e..247b634 100644 --- a/templates/packages/details.html +++ b/templates/packages/details.html @@ -32,7 +32,7 @@ </ul> {% if user.is_authenticated %} - <form id="pkg-action" method="post" action="/packages/update/"> + <form id="pkg-action" method="post" action="/packages/update/">{% csrf_token %} <div><input type="hidden" name="pkgid" value="{{ pkg.id }}" /></div> <p><input title="Adopt this package" type="submit" class="adopt" name="adopt" value="Adopt" /> <input title="Orphan this package" type="submit" class="disown" name="disown" value="Disown" /></p> diff --git a/templates/packages/flag.html b/templates/packages/flag.html index 71d8498..9a5b123 100644 --- a/templates/packages/flag.html +++ b/templates/packages/flag.html @@ -31,7 +31,7 @@ <p>Please confirm your flag request for {{pkg.pkgname}}:</p> - <form id="flag-pkg-form" method="post" action="."> + <form id="flag-pkg-form" method="post" action=".">{% csrf_token %} <fieldset> {{ form.as_p }} </fieldset> diff --git a/templates/packages/search.html b/templates/packages/search.html index 6a22b7d..6ed7f95 100644 --- a/templates/packages/search.html +++ b/templates/packages/search.html @@ -69,7 +69,7 @@ </div> {% endif %} - <form id="pkglist-results-form" method="post" action="/packages/update/"> + <form id="pkglist-results-form" method="post" action="/packages/update/">{% csrf_token %} <table class="results"> <thead> diff --git a/templates/registration/login.html b/templates/registration/login.html index 2f62656..867910b 100644 --- a/templates/registration/login.html +++ b/templates/registration/login.html @@ -10,7 +10,7 @@ <p class="login-error">Your username and password didn't match. Please try again.</p> {% endif %} - <form id="dev-login-form" method="post" action="."> + <form id="dev-login-form" method="post" action=".">{% csrf_token %} <fieldset> <legend>Enter login credentials</legend> {{ form.as_p }} diff --git a/templates/todolists/todolist_confirm_delete.html b/templates/todolists/todolist_confirm_delete.html index c1e8783..39c9f0d 100644 --- a/templates/todolists/todolist_confirm_delete.html +++ b/templates/todolists/todolist_confirm_delete.html @@ -14,7 +14,7 @@ <p>Are you sure?</p> - <form id="delete-todo-form" method="post" action="."> + <form id="delete-todo-form" method="post" action=".">{% csrf_token %} <p><input type="submit" value="Delete" /></p> </form> |