authorDan McGee <dan@archlinux.org>2010-06-05 12:58:31 -0500
committerDan McGee <dan@archlinux.org>2010-06-05 12:58:31 -0500
commitbad2825fab9f45f468414ed551bad9d987923600 (patch)
tree8e91d017ddbe2f28416395cb43f70644d509bd9f
parent7646f8ea7ce19b404a0e57c85e5dd589b3a53371 (diff)
downloadarchweb-bad2825fab9f45f468414ed551bad9d987923600.tar.gz
archweb-bad2825fab9f45f468414ed551bad9d987923600.zip
Updates for CSRF protection in Django 1.2.X
Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--packages/views.py2
-rw-r--r--settings.py1
-rw-r--r--templates/devel/index.html2
-rw-r--r--templates/devel/profile.html2
-rw-r--r--templates/general_form.html2
-rw-r--r--templates/mirrors/index.html2
-rw-r--r--templates/news/add.html2
-rw-r--r--templates/news/delete.html2
-rw-r--r--templates/packages/details.html2
-rw-r--r--templates/packages/flag.html2
-rw-r--r--templates/packages/search.html2
-rw-r--r--templates/registration/login.html2
-rw-r--r--templates/todolists/todolist_confirm_delete.html2
13 files changed, 13 insertions, 12 deletions
diff --git a/packages/views.py b/packages/views.py
index 6838de03..9053906b 100644
--- a/packages/views.py
+++ b/packages/views.py
@@ -316,7 +316,7 @@ def flag(request, name='', repo='', arch=''):
context['form'] = form
- return render_to_response('packages/flag.html', context)
+ return render_to_response('packages/flag.html', RequestContext(request, context))
def download(request, name='', repo='', arch=''):
pkg = get_object_or_404(Package,
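Review bot: Only `flag` is switched to `RequestContext` in this file, yet the commit adds `{% csrf_token %}` to eleven templates. Any other view that renders one of them with a plain context will emit an empty token, and with `CsrfViewMiddleware` enabled its POST will be rejected with a 403. It is worth confirming that the views behind `packages/search.html`, `packages/details.html`, `mirrors/index.html` and the rest already pass a `RequestContext`, which this diff does not show. For the changed line itself, the documented form is `render_to_response('packages/flag.html', context, context_instance=RequestContext(request))`, which avoids wrapping one context inside another. The body of `flag` starts outside the hunk.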
diff --git a/settings.py b/settings.py
index 30f594e6..6c9a1183 100644
--- a/settings.py
+++ b/settings.py
@@ -46,6 +46,7 @@ TEMPLATE_LOADERS = (
MIDDLEWARE_CLASSES = (
'main.middleware.UpdateCacheMiddleware',
"django.contrib.sessions.middleware.SessionMiddleware",
+ 'django.middleware.csrf.CsrfViewMiddleware',
"django.contrib.auth.middleware.AuthenticationMiddleware",
'django.middleware.http.ConditionalGetMiddleware',
"django.middleware.common.CommonMiddleware",
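Review bot: `CsrfViewMiddleware` is added below `'main.middleware.UpdateCacheMiddleware'`, a project-specific cache middleware whose behaviour is not visible here. Pages that render `{% csrf_token %}` now carry a per-visitor token and a `Vary: Cookie` header, so the cache layer has to honour that header. If it does not, a cached copy of a public page such as `packages/search.html` or `mirrors/index.html` could be served with another visitor's token, which breaks their form submissions and leaks the token. A short comment above the new entry would record the constraint, for example `# CSRF responses vary on Cookie; UpdateCacheMiddleware must stay first and respect Vary`. The `MIDDLEWARE_CLASSES` tuple continues outside the hunk.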
diff --git a/templates/devel/index.html b/templates/devel/index.html
index 662e8246..25429ecf 100644
--- a/templates/devel/index.html
+++ b/templates/devel/index.html
@@ -60,7 +60,7 @@
</tbody>
</table>
- <form id="dash-pkg-notify" method="post" action="/devel/notify/">
+ <form id="dash-pkg-notify" method="post" action="/devel/notify/">{% csrf_token %}
<fieldset>
<p><input id="notify" name="notify" type="checkbox" value="yes"
{% if user.get_profile.notify %} checked="checked"{% endif %} />
diff --git a/templates/devel/profile.html b/templates/devel/profile.html
index 178a59aa..2c1c658d 100644
--- a/templates/devel/profile.html
+++ b/templates/devel/profile.html
@@ -6,7 +6,7 @@
<h2>Developer Profile</h2>
- <form id="edit-profile-form" method="post" action=".">
+ <form id="edit-profile-form" method="post" action=".">{% csrf_token %}
<fieldset>
<legend>Username: <strong>{{ user.username }}</strong></legend>
{{ form.as_p }}
diff --git a/templates/general_form.html b/templates/general_form.html
index d499919a..93e73aca 100644
--- a/templates/general_form.html
+++ b/templates/general_form.html
@@ -8,7 +8,7 @@
{% if description %}{{description}}{% endif %}
- <form class="general-form" method="post" action=".">
+ <form class="general-form" method="post" action=".">{% csrf_token %}
<fieldset>
{% for field in form %}
<p><label>{{field.label}}{% if field.help_text %}:</label><br />
diff --git a/templates/mirrors/index.html b/templates/mirrors/index.html
index b347a086..55c172d7 100644
--- a/templates/mirrors/index.html
+++ b/templates/mirrors/index.html
@@ -13,7 +13,7 @@
Simply replace the contents of <code>/etc/pacman.d/mirrorlist</code> with
the generated code.</p>
- <form id="list-generator" method="post" action=".">
+ <form id="list-generator" method="post" action=".">{% csrf_token %}
{{ mirrorlist_form.as_p }}
<p><label></label> <input type="submit" value="Generate List" /></p>
</form>
diff --git a/templates/news/add.html b/templates/news/add.html
index 38b5b21d..04a55689 100644
--- a/templates/news/add.html
+++ b/templates/news/add.html
@@ -10,7 +10,7 @@
<h2>News: Add Article</h2>
{% endif %}
- <form id="newsform" method="post" action=".">
+ <form id="newsform" method="post" action=".">{% csrf_token %}
<fieldset>
{{ form.as_p }}
</fieldset>
diff --git a/templates/news/delete.html b/templates/news/delete.html
index 6a2fa1e8..3e3ba95e 100644
--- a/templates/news/delete.html
+++ b/templates/news/delete.html
@@ -14,7 +14,7 @@
<p>Are you sure?</p>
- <form method="post" action=".">
+ <form method="post" action=".">{% csrf_token %}
<input title="Delete this article" id="delete" name="delete"
type="submit" value="Delete" /></p>
</form>
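Review bot: The closing `</p>` after the submit input has no matching `<p>` inside this form, and the line touched by this commit sits directly above it. The sibling template `todolists/todolist_confirm_delete.html` wraps its button as `<p><input type="submit" value="Delete" /></p>`. Opening the paragraph before the input here, `<p><input title="Delete this article" id="delete" name="delete"`, would make the two delete forms consistent and keep the markup well formed.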
diff --git a/templates/packages/details.html b/templates/packages/details.html
index f60324e8..247b6344 100644
--- a/templates/packages/details.html
+++ b/templates/packages/details.html
@@ -32,7 +32,7 @@
</ul>
{% if user.is_authenticated %}
- <form id="pkg-action" method="post" action="/packages/update/">
+ <form id="pkg-action" method="post" action="/packages/update/">{% csrf_token %}
<div><input type="hidden" name="pkgid" value="{{ pkg.id }}" /></div>
<p><input title="Adopt this package" type="submit" class="adopt" name="adopt" value="Adopt" />
&nbsp;&nbsp;<input title="Orphan this package" type="submit" class="disown" name="disown" value="Disown" /></p>
diff --git a/templates/packages/flag.html b/templates/packages/flag.html
index 71d84982..9a5b123b 100644
--- a/templates/packages/flag.html
+++ b/templates/packages/flag.html
@@ -31,7 +31,7 @@
<p>Please confirm your flag request for {{pkg.pkgname}}:</p>
- <form id="flag-pkg-form" method="post" action=".">
+ <form id="flag-pkg-form" method="post" action=".">{% csrf_token %}
<fieldset>
{{ form.as_p }}
</fieldset>
diff --git a/templates/packages/search.html b/templates/packages/search.html
index 6a22b7d8..6ed7f95f 100644
--- a/templates/packages/search.html
+++ b/templates/packages/search.html
@@ -69,7 +69,7 @@
</div>
{% endif %}
- <form id="pkglist-results-form" method="post" action="/packages/update/">
+ <form id="pkglist-results-form" method="post" action="/packages/update/">{% csrf_token %}
<table class="results">
<thead>
diff --git a/templates/registration/login.html b/templates/registration/login.html
index 2f626566..867910ba 100644
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@@ -10,7 +10,7 @@
<p class="login-error">Your username and password didn't match. Please try again.</p>
{% endif %}
- <form id="dev-login-form" method="post" action=".">
+ <form id="dev-login-form" method="post" action=".">{% csrf_token %}
<fieldset>
<legend>Enter login credentials</legend>
{{ form.as_p }}
diff --git a/templates/todolists/todolist_confirm_delete.html b/templates/todolists/todolist_confirm_delete.html
index c1e87834..39c9f0da 100644
--- a/templates/todolists/todolist_confirm_delete.html
+++ b/templates/todolists/todolist_confirm_delete.html
@@ -14,7 +14,7 @@
<p>Are you sure?</p>
- <form id="delete-todo-form" method="post" action=".">
+ <form id="delete-todo-form" method="post" action=".">{% csrf_token %}
<p><input type="submit" value="Delete" /></p>
</form>