Posted to commits@allura.apache.org by tv...@apache.org on 2013/12/13 06:07:50 UTC

[04/45] git commit: [#5475] ticket:473 CSRF token was added to all hand-coded forms

[#5475] ticket:473 CSRF token was added to all hand-coded forms


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/d778f65a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/d778f65a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/d778f65a

Branch: refs/heads/tv/6942
Commit: d778f65aa1ec893ce3a69129b6d14417bf8d3800
Parents: 127ea61
Author: Andrej Aleksandrov <pi...@gmail.com>
Authored: Fri Nov 8 15:11:57 2013 +0200
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Dec 4 15:35:11 2013 +0000

----------------------------------------------------------------------
 .../ext/admin/templates/admin_widgets/metadata_admin.html       | 2 ++
 Allura/allura/ext/admin/templates/export.html                   | 1 +
 Allura/allura/ext/admin/templates/project_groups.html           | 2 ++
 Allura/allura/ext/admin/templates/project_invitations.html      | 1 +
 Allura/allura/ext/admin/templates/project_permissions.html      | 1 +
 Allura/allura/ext/admin/templates/project_tools.html            | 5 +++++
 Allura/allura/ext/admin/templates/project_trove.html            | 5 ++++-
 Allura/allura/ext/admin/templates/widgets/block_list.html       | 2 ++
 Allura/allura/ext/admin/templates/widgets/block_user.html       | 2 ++
 Allura/allura/templates/app_admin_options.html                  | 2 ++
 Allura/allura/templates/app_admin_permissions.html              | 1 +
 Allura/allura/templates/award.html                              | 1 +
 Allura/allura/templates/claim_openid.html                       | 1 +
 Allura/allura/templates/jinja_master/sidebar_menu.html          | 2 ++
 Allura/allura/templates/login.html                              | 1 +
 Allura/allura/templates/neighborhood_admin_accolades.html       | 4 ++++
 Allura/allura/templates/neighborhood_moderate.html              | 2 ++
 Allura/allura/templates/oauth_applications.html                 | 3 +++
 Allura/allura/templates/oauth_authorize.html                    | 1 +
 Allura/allura/templates/repo/default_branch.html                | 1 -
 Allura/allura/templates/repo/fork.html                          | 1 +
 Allura/allura/templates/repo/tarball.html                       | 1 +
 Allura/allura/templates/repo/tree.html                          | 1 +
 Allura/allura/templates/setup_openid_user.html                  | 1 +
 Allura/allura/templates/site_admin_add_subscribers.html         | 1 +
 Allura/allura/templates/site_admin_api_tickets.html             | 1 +
 Allura/allura/templates/site_admin_new_projects.html            | 1 +
 Allura/allura/templates/site_admin_reclone_repo.html            | 3 ++-
 Allura/allura/templates/site_admin_task_new.html                | 1 +
 Allura/allura/templates/site_admin_task_view.html               | 1 +
 Allura/allura/templates/user_prefs.html                         | 3 +++
 Allura/allura/templates/widgets/admin_form.html                 | 2 ++
 Allura/allura/templates/widgets/attachment_add.html             | 2 ++
 Allura/allura/templates/widgets/attachment_list.html            | 3 +++
 Allura/allura/templates/widgets/edit_post.html                  | 2 ++
 Allura/allura/templates/widgets/flag_post.html                  | 4 +++-
 Allura/allura/templates/widgets/forge_form.html                 | 2 +-
 Allura/allura/templates/widgets/moderate_post.html              | 4 ++++
 Allura/allura/templates/widgets/moderate_posts.html             | 2 ++
 Allura/allura/templates/widgets/neighborhood_add_project.html   | 2 ++
 Allura/allura/templates/widgets/neighborhood_overview_form.html | 1 +
 Allura/allura/templates/widgets/new_topic_post.html             | 2 ++
 Allura/allura/templates/widgets/page_size.html                  | 2 ++
 Allura/allura/templates/widgets/post_widget.html                | 1 +
 Allura/allura/templates/widgets/project_screenshots.html        | 3 +++
 Allura/allura/templates/widgets/search_results.html             | 2 ++
 Allura/allura/templates/widgets/subscription_form.html          | 2 ++
 Allura/allura/templates/widgets/vote.html                       | 2 ++
 ForgeBlog/forgeblog/templates/blog/admin_exfeed.html            | 2 ++
 ForgeBlog/forgeblog/templates/blog/post_history.html            | 1 +
 ForgeBlog/forgeblog/templates/blog_widgets/post_form.html       | 2 ++
 .../forgediscussion/templates/discussion_widgets/add_forum.html | 1 +
 .../templates/discussion_widgets/add_forum_short.html           | 2 ++
 .../templates/discussionforums/admin_forums.html                | 2 ++
 .../forgediscussion/templates/discussionforums/stats_graph.html | 4 +++-
 ForgeImporters/forgeimporters/templates/importer_base.html      | 1 +
 ForgeImporters/forgeimporters/templates/project_base.html       | 1 +
 ForgeShortUrl/forgeshorturl/templates/form.html                 | 3 +++
 ForgeTracker/forgetracker/templates/tracker/admin_fields.html   | 1 +
 ForgeTracker/forgetracker/templates/tracker/bin.html            | 1 +
 ForgeTracker/forgetracker/templates/tracker/milestones.html     | 1 +
 ForgeTracker/forgetracker/templates/tracker/search.html         | 1 +
 .../forgetracker/templates/tracker_widgets/bin_form.html        | 2 ++
 .../forgetracker/templates/tracker_widgets/mass_edit_form.html  | 4 +++-
 .../forgetracker/templates/tracker_widgets/options_admin.html   | 2 ++
 .../forgetracker/templates/tracker_widgets/ticket_form.html     | 1 +
 .../templates/tracker_widgets/ticket_search_results.html        | 2 ++
 ForgeWiki/forgewiki/templates/wiki/page_edit.html               | 2 ++
 68 files changed, 122 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/admin_widgets/metadata_admin.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/admin_widgets/metadata_admin.html b/Allura/allura/ext/admin/templates/admin_widgets/metadata_admin.html
index bfce390..a1a20ab 100644
--- a/Allura/allura/ext/admin/templates/admin_widgets/metadata_admin.html
+++ b/Allura/allura/ext/admin/templates/admin_widgets/metadata_admin.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="POST" action="update" enctype="multipart/form-data" id="metadata_form">
   <div class="grid-9">
     {{ widget.display_label(widget.fields.name) }}
@@ -170,4 +171,5 @@
   <div class="grid-15">
     <input type="submit" value="Save">
   </div>
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/export.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/export.html b/Allura/allura/ext/admin/templates/export.html
index a0620ad..a8081f1 100644
--- a/Allura/allura/ext/admin/templates/export.html
+++ b/Allura/allura/ext/admin/templates/export.html
@@ -56,6 +56,7 @@
       </div>
       {% endfor %}
       <p><div class="grid-19"><input type="submit" value="Export" {% if status == 'busy' %}disabled{% endif %}></div></p>
+      {{lib.csrf_token()}}
     </form>
   {% else %}
     There are no exportable tools in your project.

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/project_groups.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/project_groups.html b/Allura/allura/ext/admin/templates/project_groups.html
index 54f7c26..7783f70 100644
--- a/Allura/allura/ext/admin/templates/project_groups.html
+++ b/Allura/allura/ext/admin/templates/project_groups.html
@@ -45,6 +45,7 @@
 {% endmacro %}
 
 {% block content %}
+              {{lib.csrf_token()}}
 <p>Project permissions are assigned to groups of users. Add users to a group appropriate to the role they fill in your project. <a href="#" id="show_help">more...</a></p>
 <div id="help_text" style="display:none">
 <p>By default, your project has three groups of progressively more privileged users (Member, Developer, and Admin groups). There are also catch alls for any logged in user (Authenticated) and any user even if they aren't logged in (Anonymous). Permissions allowed to a less privileged group are inherited by more privileged ones.</p>
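Review bot: The `{{lib.csrf_token()}}` added at the top of `{% block content %}` sits outside any `<form>`, so the hidden input it renders is never submitted and protects nothing; its deep indentation suggests it was meant for a form further down, like the one in this file's second hunk, which already receives the token inside the form. Drop the line here so the token only appears inside form elements. The enclosing block continues outside the hunk.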
@@ -84,6 +85,7 @@
               <input type="text" placeholder="type a username">
               <input type="submit" value="Save" class="nofloat">
               <a href="#" class="cancel_link">cancel</a>
+              {{lib.csrf_token()}}
             </form>
           </li>
           <li class="adder">

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/project_invitations.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/project_invitations.html b/Allura/allura/ext/admin/templates/project_invitations.html
index 7f4e63e..32c7e05 100644
--- a/Allura/allura/ext/admin/templates/project_invitations.html
+++ b/Allura/allura/ext/admin/templates/project_invitations.html
@@ -37,5 +37,6 @@
               {% endfor %}
             </select>
             <input type="submit" value="Join Neighborhood"/>
+            {{lib.csrf_token()}}
           </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/project_permissions.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/project_permissions.html b/Allura/allura/ext/admin/templates/project_permissions.html
index 186bd06..c1ef6c6 100644
--- a/Allura/allura/ext/admin/templates/project_permissions.html
+++ b/Allura/allura/ext/admin/templates/project_permissions.html
@@ -47,5 +47,6 @@
     <input type="submit" value="Save">
     <a href="" class="btn link cancel">Cancel</a>
   </p>
+  {{lib.csrf_token()}}
 </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/project_tools.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/project_tools.html b/Allura/allura/ext/admin/templates/project_tools.html
index 36f98f5..dc193c1 100644
--- a/Allura/allura/ext/admin/templates/project_tools.html
+++ b/Allura/allura/ext/admin/templates/project_tools.html
@@ -73,6 +73,7 @@
     <div class="grid-13">
       <input type="submit" value="Save" name="new.install"> <a href="#" class="close btn link">Cancel</a>
     </div>
+    {{lib.csrf_token()}}
   </form>
   {{c.install_modal.display(content='<h1>Install <span id="install_tool_label">Tool</span></h1>')}}
 
@@ -108,6 +109,7 @@
                         {% if mount['ac'].load().uninstallable %}
                           <a href="#" class="mount_delete" data-mount-point="{{ mount['ac'].options.mount_point }}">Delete</a>
                         {% endif %}
+                        {{lib.csrf_token()}}
                       </form>
                     </li>
                     {% endif %}
@@ -131,6 +133,7 @@
                                  value="{{mount['sub'].shortname}}"/>
                           <input name="subproject-{{loop.index0}}.delete" type="hidden" value="Delete"/>
                           <a href="#" class="mount_delete" data-mount-point="{{ mount['sub'].shortname }}">Delete</a>
+                          {{lib.csrf_token()}}
                       </form>
                     </li>
                 </ul>
@@ -147,6 +150,7 @@
   <div class="grid-13">
     <input type="button" value="Delete" class="continue_delete"> <input type="button" value="Cancel" class="cancel_delete close">
   </div>
+  {{lib.csrf_token()}}
 </form>
 {{c.admin_modal.display(content='<h1 id="popup_title"></h1><div id="popup_contents"></div>')}}
 {{c.mount_delete.display(content='<h1>Confirm Delete</h1>')}}
@@ -158,6 +162,7 @@
         <input name="grouping_threshold" value="{{c.project.get_tool_data('allura', 'grouping_threshold', 1)}}"/>
     </label>
     <br/><input type="submit" value="Change"/>
+    {{lib.csrf_token()}}
 </form>
 {% endblock %}
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/project_trove.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/project_trove.html b/Allura/allura/ext/admin/templates/project_trove.html
index fb799da..fbd220c 100644
--- a/Allura/allura/ext/admin/templates/project_trove.html
+++ b/Allura/allura/ext/admin/templates/project_trove.html
@@ -33,6 +33,7 @@
         <input type="hidden" name="type" value="{{base.shortname}}">
         <input type="hidden" name="trove" value="{{cat.trove_cat_id}}">
         <input type="submit" value="Delete">
+        {{lib.csrf_token()}}
       </form>
     </div>
   {% else %}
@@ -52,6 +53,7 @@
       </select>
       <br>
       <input type="submit" value="Add">
+      {{lib.csrf_token()}}
     </form>
   </div>
 {% endmacro %}
@@ -67,6 +69,7 @@
         {{ c.label_edit.display(id='labels', name='labels', value=c.project.labels) }}
         <br style="clear:both">
         <input type="submit" value="Save">
+        {{lib.csrf_token()}}
       </form>
     </div>
   {{show_trove_base_cat(topic_trove)}}
@@ -105,7 +108,7 @@
                     insertAfter = this;
                 }
               });
-              var $newItem = $('<div><span class="trove_fullpath">'+resp.trove_full_path+'</span> <form class="trove_deleter"><input type="hidden" name="type" value="'+type+'"><input type="hidden" name="trove" value="'+new_id+'">'+del_btn+'</form></div>');
+              var $newItem = $('<div><span class="trove_fullpath">'+resp.trove_full_path+'</span> <form class="trove_deleter"><input type="hidden" name="type" value="'+type+'"><input type="hidden" name="trove" value="'+new_id+'">'+del_btn+'</form>{{lib.csrf_token()}}</div>');
               if (insertAfter) {
                 $newItem.insertAfter(insertAfter);
               } else {
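Review bot: In the rewritten `$newItem` markup the token is emitted after `</form>`, so the dynamically inserted `trove_deleter` form still posts without it, while the server-rendered forms in this file's earlier hunks carry it inside the form; move it before the closing tag: `'+del_btn+'{{lib.csrf_token()}}</form></div>'`. The macro output is also spliced into a single-quoted JavaScript string literal, so its rendering must not contain a newline or a single quote — worth confirming against lib.html, which is not part of this diff. The enclosing JavaScript callback starts and ends outside the hunk.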

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/widgets/block_list.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/widgets/block_list.html b/Allura/allura/ext/admin/templates/widgets/block_list.html
index c3db3ba..0163a6f 100644
--- a/Allura/allura/ext/admin/templates/widgets/block_list.html
+++ b/Allura/allura/ext/admin/templates/widgets/block_list.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <h1>Block list</h1>
 <form action="unblock_user" method="POST">
 <div class="model-block-list"></div>
@@ -24,4 +25,5 @@
 <hr>
 <div class="grid-13">&nbsp;</div>
 <input type="submit" value="Unblock">
+{{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/ext/admin/templates/widgets/block_user.html
----------------------------------------------------------------------
diff --git a/Allura/allura/ext/admin/templates/widgets/block_user.html b/Allura/allura/ext/admin/templates/widgets/block_user.html
index 9f087c3..8b1ea92 100644
--- a/Allura/allura/ext/admin/templates/widgets/block_user.html
+++ b/Allura/allura/ext/admin/templates/widgets/block_user.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <h1>Block User</h1>
 <form action="block_user" method="POST">
     <label class="grid-13">User Name</label>
@@ -28,4 +29,5 @@
     <div class="grid-13">&nbsp;</div>
     <input type="submit" value="Save">
     <a href="#" class="close">Cancel</a>
+    {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/app_admin_options.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/app_admin_options.html b/Allura/allura/templates/app_admin_options.html
index 83a3aa6..8924823 100644
--- a/Allura/allura/templates/app_admin_options.html
+++ b/Allura/allura/templates/app_admin_options.html
@@ -17,6 +17,7 @@
        under the License.
 -#}
 <!DOCTYPE html>
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="post" action="{{c.project.url()}}admin/{{app.config.options.mount_point}}/configure">
   {% for o in app.config_options if o.name not in ['mount_point', 'mount_label', 'ordinal'] %}
     <label for="{{o.name}}" class="grid-4">{{o.label}}</label>
@@ -43,4 +44,5 @@
       <a href="#" class="close">Cancel</a>
     </div>
   {% endif %}
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/app_admin_permissions.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/app_admin_permissions.html b/Allura/allura/templates/app_admin_permissions.html
index 8f03987..7433ede 100644
--- a/Allura/allura/templates/app_admin_permissions.html
+++ b/Allura/allura/templates/app_admin_permissions.html
@@ -59,6 +59,7 @@
         <input type="submit" value="Save">
         <a href="{{c.app.url}}" class="btn link cancel">Cancel</a>
       </p>
+      {{lib.csrf_token()}}
     </form>
     {{c.block_user.display()}}
     {{c.block_list.display()}}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/award.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/award.html b/Allura/allura/templates/award.html
index 503714f..329b8b2 100644
--- a/Allura/allura/templates/award.html
+++ b/Allura/allura/templates/award.html
@@ -58,6 +58,7 @@
               </tr>
             </tbody>
           </table>
+          {{lib.csrf_token()}}
         </form>
         <p><a href="../../accolades">&#060;&#060; Back</a></p>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/claim_openid.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/claim_openid.html b/Allura/allura/templates/claim_openid.html
index 7421dfa..4d61d1e 100644
--- a/Allura/allura/templates/claim_openid.html
+++ b/Allura/allura/templates/claim_openid.html
@@ -42,6 +42,7 @@
       <div class="grid-18">
         <input type="submit" id="submit" value="Claim">
       </div>
+      {{lib.csrf_token()}}
     </form>
   </div>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/jinja_master/sidebar_menu.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/jinja_master/sidebar_menu.html b/Allura/allura/templates/jinja_master/sidebar_menu.html
index 08beed2..5f82e64 100644
--- a/Allura/allura/templates/jinja_master/sidebar_menu.html
+++ b/Allura/allura/templates/jinja_master/sidebar_menu.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 {% set ul_active = [] %}
 {% macro sidebar_item(s) -%}
   {% if s.url %}
@@ -41,6 +42,7 @@
   {% if c.app and c.app.searchable %}
     <form id="search" method="GET" action="{{c.app.url + 'search/'}}">
       <input name="q" type="text" title="Search {{c.app.config.options.mount_label}}" placeholder="Search {{c.app.config.options.mount_label}}">
+      {{lib.csrf_token()}}
     </form>
   {% else %}
     <div>&nbsp;</div>
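Review bot: The search form opened two lines above the added token uses `method="GET"`, so `{{lib.csrf_token()}}` places the anti-CSRF token in the query string of every search URL, where it is exposed through browser history, server logs and the Referer header sent from the results page. A GET search does not change state and needs no token; remove the added line. The same concern may apply to the filter form in site_admin_new_projects.html, whose opening tag is not visible in its hunk, so its method should be checked before keeping the token there.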

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/login.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/login.html b/Allura/allura/templates/login.html
index fef3f7f..9153679 100644
--- a/Allura/allura/templates/login.html
+++ b/Allura/allura/templates/login.html
@@ -47,6 +47,7 @@
             <div class="grid-18"><input type="text" id="username_oid" name="username"/></div>
             <label class="grid-4">&nbsp;</label>
             <div class="grid-18"><input type="submit" id="submit_oid" value="Login"/></div>
+            {{lib.csrf_token()}}
           </form>
         </div>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/neighborhood_admin_accolades.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/neighborhood_admin_accolades.html b/Allura/allura/templates/neighborhood_admin_accolades.html
index 2f6d82f..a092baa 100644
--- a/Allura/allura/templates/neighborhood_admin_accolades.html
+++ b/Allura/allura/templates/neighborhood_admin_accolades.html
@@ -57,6 +57,7 @@
                       <td>
                         <form action="{{award.longurl()}}/delete" method="post">
                           <input type="submit" value="Delete"/>
+                          {{lib.csrf_token()}}
                         </form>
                     </tr>
                   {% endfor %}
@@ -94,6 +95,7 @@
                 </tr>
               </tbody>
             </table>
+            {{lib.csrf_token()}}
           </form>
 
           {% if awards_count > 0 %}
@@ -126,6 +128,7 @@
                   </tr>
                 </tbody>
               </table>
+              {{lib.csrf_token()}}
             </form>
           </p>
           {% endif %}
@@ -150,6 +153,7 @@
                       <td>
                         <form action="{{grant.longurl()}}/revoke" method="post">
                           <input type="submit" value="Revoke"/>
+                          {{lib.csrf_token()}}
                         </form>
                     </tr>
                   {% endfor %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/neighborhood_moderate.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/neighborhood_moderate.html b/Allura/allura/templates/neighborhood_moderate.html
index 5fe5c3f..c164140 100644
--- a/Allura/allura/templates/neighborhood_moderate.html
+++ b/Allura/allura/templates/neighborhood_moderate.html
@@ -47,6 +47,7 @@
 	</p>
     <input type="submit" name="invite" value="Invite!"/>
     <input type="submit" name="uninvite" value="Cancel Invitation!"/>
+    {{lib.csrf_token()}}
   </form>
 
 
@@ -62,5 +63,6 @@
       {% endfor %}
     </select>
     <input type="submit" value="Evict!"/>
+    {{lib.csrf_token()}}
   </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/oauth_applications.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/oauth_applications.html b/Allura/allura/templates/oauth_applications.html
index 6bc90a3..3742662 100644
--- a/Allura/allura/templates/oauth_applications.html
+++ b/Allura/allura/templates/oauth_applications.html
@@ -105,6 +105,7 @@
                 <form method="POST" action="revoke_access_token" class="revoke_access_token">
                     <input type="hidden" name="_id" value="{{access_token._id}}"/>
                     <input type="submit" value="Revoke"/>
+                    {{lib.csrf_token()}}
                 </form>
             </td>
         </tr>
@@ -131,10 +132,12 @@
                 <form method="POST" action="deregister" class="deregister_consumer_token">
                     <input type="hidden" name="_id" value="{{consumer_token._id}}"/>
                     <input type="submit" value="Deregister"/>
+                    {{lib.csrf_token()}}
                 </form>
                 <form method="POST" action="generate_access_token" class="generate_access_token">
                     <input type="hidden" name="_id" value="{{consumer_token._id}}"/>
                     <input type="submit" value="Generate Bearer Token"/>
+                    {{lib.csrf_token()}}
                 </form>
             </td>
         </tr>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/oauth_authorize.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/oauth_authorize.html b/Allura/allura/templates/oauth_authorize.html
index 0aa0437..7177442 100644
--- a/Allura/allura/templates/oauth_authorize.html
+++ b/Allura/allura/templates/oauth_authorize.html
@@ -38,6 +38,7 @@
   <input type="hidden" name="oauth_token" value="{{oauth_token}}"/>
   <input type="submit" name="no" value="No, do not authorize {{ consumer.name }}">
   <input type="submit" name="yes" value="Yes, authorize {{ consumer.name }}"><br>
+  {{lib.csrf_token()}}
 </form>
 <br style="clear:both"/>
 <h2>{{consumer.name}}</h2>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/repo/default_branch.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/repo/default_branch.html b/Allura/allura/templates/repo/default_branch.html
index 6c20021..e72634a 100644
--- a/Allura/allura/templates/repo/default_branch.html
+++ b/Allura/allura/templates/repo/default_branch.html
@@ -16,7 +16,6 @@
        specific language governing permissions and limitations
        under the License.
 -#}
-
 <form action="{{c.project.url()}}admin/{{app.config.options.mount_point}}/set_default_branch_name" method="POST">
     <label class="grid-13">Default branch name:</label>
     <div class="grid-13">
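Review bot: The POST form that opens on the last line of this hunk does not receive a `{{lib.csrf_token()}}` anywhere in the commit — the diffstat records only the single removed blank line for this file — so set_default_branch_name stays unprotected while the other admin forms gain the token. Add `{{lib.csrf_token()}}` before its closing `</form>`, which lies outside the hunk, and since no import is visible in this template, confirm `lib` is in scope here the way the widget templates in this commit make it with an explicit import.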

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/repo/fork.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/repo/fork.html b/Allura/allura/templates/repo/fork.html
index b552273..b8698d5 100644
--- a/Allura/allura/templates/repo/fork.html
+++ b/Allura/allura/templates/repo/fork.html
@@ -47,5 +47,6 @@
         <input type="submit" value="Fork"/>
       </div>
     {% endif %}
+    {{lib.csrf_token()}}
 </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/repo/tarball.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/repo/tarball.html b/Allura/allura/templates/repo/tarball.html
index f929433..d68430d 100644
--- a/Allura/allura/templates/repo/tarball.html
+++ b/Allura/allura/templates/repo/tarball.html
@@ -91,6 +91,7 @@ Commit <a href="{{commit.url()}}">{{commit.shorthand_id()}}</a> {{commit_labels(
       <p>We're having trouble finding that snapshot. Would you like to resubmit?</p>
       <input type="hidden" name="path" value="{{path}}" />
       <input type="submit" value="Resubmit Snapshot Request" />
+      {{lib.csrf_token()}}
     </form>
 </div>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/repo/tree.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/repo/tree.html b/Allura/allura/templates/repo/tree.html
index 851ad38..e310056 100644
--- a/Allura/allura/templates/repo/tree.html
+++ b/Allura/allura/templates/repo/tree.html
@@ -59,6 +59,7 @@ form.tarball button:hover {
 <form class="tarball" action="{{ tarball_url }}" method="post">
   <input type="hidden" name="path" value="{{ path or '' }}" />
   <button><b data-icon="{{g.icons.folder.char}}" class="ico {{g.icons.folder.css}}" title="Snapshot"></b> Download Snapshot</button>
+  {{lib.csrf_token()}}
 </form>
 {% endif %}
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/setup_openid_user.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/setup_openid_user.html b/Allura/allura/templates/setup_openid_user.html
index ee14125..6496b8f 100644
--- a/Allura/allura/templates/setup_openid_user.html
+++ b/Allura/allura/templates/setup_openid_user.html
@@ -31,6 +31,7 @@
       <div class="grid-18"><input type="text" id="display_name" name="display_name"/></div>
       <label class="grid-4">&nbsp;</label>
       <div class="grid-18"><input type="submit" value="Setup Account"/></div>
+      {{lib.csrf_token()}}
     </form>
   </div>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/site_admin_add_subscribers.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/site_admin_add_subscribers.html b/Allura/allura/templates/site_admin_add_subscribers.html
index 660e55f..3cffdee 100644
--- a/Allura/allura/templates/site_admin_add_subscribers.html
+++ b/Allura/allura/templates/site_admin_add_subscribers.html
@@ -33,5 +33,6 @@
             <td><input type="submit" value="Save"></td>
         </tr>
     </table>
+    {{lib.csrf_token()}}
 </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/site_admin_api_tickets.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/site_admin_api_tickets.html b/Allura/allura/templates/site_admin_api_tickets.html
index fbb6724..0dba2ea 100644
--- a/Allura/allura/templates/site_admin_api_tickets.html
+++ b/Allura/allura/templates/site_admin_api_tickets.html
@@ -39,6 +39,7 @@
 <td><input type="submit" value="Save"><td>
 </tr>
 </table>
+{{lib.csrf_token()}}
 </form>
 
 <table>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/site_admin_new_projects.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/site_admin_new_projects.html b/Allura/allura/templates/site_admin_new_projects.html
index f6dc2f0..46cad9a 100644
--- a/Allura/allura/templates/site_admin_new_projects.html
+++ b/Allura/allura/templates/site_admin_new_projects.html
@@ -34,6 +34,7 @@
     <label for="end-dt">To: </label><input type="text" name="end-dt" id="end-dt" value="{{ window_end.strftime('%Y/%m/%d %H:%M:%S') }}">
     </div>
     <div class="grid-3"><input type="submit" value="Filter"></div>
+    {{lib.csrf_token()}}
   </form>
   </div>
   {{ _paging() }}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/site_admin_reclone_repo.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/site_admin_reclone_repo.html b/Allura/allura/templates/site_admin_reclone_repo.html
index f1b28b4..5aeadf2 100644
--- a/Allura/allura/templates/site_admin_reclone_repo.html
+++ b/Allura/allura/templates/site_admin_reclone_repo.html
@@ -36,5 +36,6 @@
             <td><input type="submit" value="Reclone"></td>
         </tr>
     </table>
+    {{lib.csrf_token()}}
 </form>
-{% endblock %}
\ No newline at end of file
+{% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/site_admin_task_new.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/site_admin_task_new.html b/Allura/allura/templates/site_admin_task_new.html
index 2244e77..cf66620 100644
--- a/Allura/allura/templates/site_admin_task_new.html
+++ b/Allura/allura/templates/site_admin_task_new.html
@@ -103,6 +103,7 @@
   <input type="submit" /><br/>
 
   <pre class="doc"></pre>
+  {{lib.csrf_token()}}
 </form>
 {% endblock %}
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/site_admin_task_view.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/site_admin_task_view.html b/Allura/allura/templates/site_admin_task_view.html
index e363b8d..6306885 100644
--- a/Allura/allura/templates/site_admin_task_view.html
+++ b/Allura/allura/templates/site_admin_task_view.html
@@ -79,6 +79,7 @@
     {% if task.state in ['error', 'complete'] %}
     <form id="resubmit-task-form" action="../resubmit/{{task._id}}" method="POST">
         <input type="submit" value="Re-Submit Task" />
+        {{lib.csrf_token()}}
     </form>
     {% endif %}
     <h2>Task Details</h2>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/user_prefs.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_prefs.html b/Allura/allura/templates/user_prefs.html
index 2efb388..3185747 100644
--- a/Allura/allura/templates/user_prefs.html
+++ b/Allura/allura/templates/user_prefs.html
@@ -116,6 +116,7 @@
         <div class="grid-18">
         {{lib.submit_button('Save Changes')}}
         </div>
+        {{lib.csrf_token()}}
       </form>
   </div>
 
@@ -146,12 +147,14 @@
         </p>
         <form method="POST" action="del_api_token" class="grid-18">
           <input type="submit" value="Delete API Token">
+          {{lib.csrf_token()}}
         </form>
       {% else %}
         <p>No API token generated</p>
       {% endif %}
       <form method="POST" action="gen_api_token" class="grid-18">
         <input type="submit" value="(Re)generate API Token">
+        {{lib.csrf_token()}}
       </form>
   </div>
   {% endif %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/admin_form.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/admin_form.html b/Allura/allura/templates/widgets/admin_form.html
index f516d12..04e29b0 100644
--- a/Allura/allura/templates/widgets/admin_form.html
+++ b/Allura/allura/templates/widgets/admin_form.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="{{method}}"
        {% if enctype %}enctype="{{enctype}}"{% endif %}
       action="{{action}}">
@@ -42,4 +43,5 @@
     {% endfor %}
     <a href="#" class="close">Cancel</a>
   </div>
+  {{lib.csrf_token()}}
 </form>
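Review bot: This widget's form method is a parameter (`<form method="{{method}}"` at the top of the file), so the unconditional `{{lib.csrf_token()}}` added here is rendered into the query string whenever a caller instantiates the widget with GET, exposing the session token in URLs, history and logs. Guard it on the method instead: `{% if method|upper != 'GET' %}{{lib.csrf_token()}}{% endif %}`. The same unconditional pattern appears in `tracker_widgets/options_admin.html`, `blog_widgets/post_form.html`, `discussion_widgets/add_forum_short.html` and `widgets/moderate_posts.html` in this commit.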

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/attachment_add.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/attachment_add.html b/Allura/allura/templates/widgets/attachment_add.html
index 51f4d5b..d1a2775 100644
--- a/Allura/allura/templates/widgets/attachment_add.html
+++ b/Allura/allura/templates/widgets/attachment_add.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="post"
       action="{{action}}"
       enctype="multipart/form-data">
@@ -24,4 +25,5 @@
           <input type="file" class="text" name="{{name}}" multiple="True" id="{{name}}" style="margin-left:0"/><br/>
           <input type="submit" value="Attach files"/>
       </div>
+      {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/attachment_list.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/attachment_list.html b/Allura/allura/templates/widgets/attachment_list.html
index 09d8177..d26a35e 100644
--- a/Allura/allura/templates/widgets/attachment_list.html
+++ b/Allura/allura/templates/widgets/attachment_list.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <div>
   {% if attachments %}
     {% set attachments = attachments|list %}
@@ -31,6 +32,7 @@
             <form method="post" action="{{att.url()}}">
               <input type="hidden" name="delete" value="True"/>
               <input type="submit" value="Delete File"/>
+              {{lib.csrf_token()}}
             </form>
             {% endif %}
           </div>
@@ -48,6 +50,7 @@
             <input type="submit" value="Delete File"/>
           </span>
           {% endif %}
+          {{lib.csrf_token()}}
         </form>
       </div>
     {% endfor %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/edit_post.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/edit_post.html b/Allura/allura/templates/widgets/edit_post.html
index 38ad0b3..a42803e 100644
--- a/Allura/allura/templates/widgets/edit_post.html
+++ b/Allura/allura/templates/widgets/edit_post.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <div>
   <form method="post" action="{{action}}"
         enctype="multipart/form-data">
@@ -33,5 +34,6 @@
     <input type="file" class="text attachment_form_fields" style="display:none" multiple="True" name="{{att_name}}" {% if att_id %}id="{{att_id}}"{% endif %}/>
   {% if widget.antispam %}{% for fld in g.antispam.extra_fields() %}
   {{fld}}{% endfor %}{% endif %}
+    {{lib.csrf_token()}}
   </form>
 </div>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/flag_post.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/flag_post.html b/Allura/allura/templates/widgets/flag_post.html
index b539e04..bb77fa6 100644
--- a/Allura/allura/templates/widgets/flag_post.html
+++ b/Allura/allura/templates/widgets/flag_post.html
@@ -16,7 +16,9 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="POST" action="{{action}}">
     <input type="hidden" name="delete" value="True"/>
     <a href="" title="Flag as inappropriate or spam" class="flag_post ico-l"><b data-icon="{{g.icons['flag'].char}}" class="ico {{g.icons['flag'].css}}"></b> <span>Flag</span></a>
-</form>
\ No newline at end of file
+    {{lib.csrf_token()}}
+</form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/forge_form.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/forge_form.html b/Allura/allura/templates/widgets/forge_form.html
index de20c42..6ab41d4 100644
--- a/Allura/allura/templates/widgets/forge_form.html
+++ b/Allura/allura/templates/widgets/forge_form.html
@@ -54,5 +54,5 @@
   {% endif %}
   {% if widget.antispam %}{% for fld in g.antispam.extra_fields() %}
   {{fld}}{% endfor %}{% endif %}
-  {{lib.csrf_token()}} 
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/moderate_post.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/moderate_post.html b/Allura/allura/templates/widgets/moderate_post.html
index 0487016..d111e23 100644
--- a/Allura/allura/templates/widgets/moderate_post.html
+++ b/Allura/allura/templates/widgets/moderate_post.html
@@ -16,20 +16,24 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="POST" action="{{action}}">
     <input type="hidden" name="delete" value="True"/>
     <a href="" class="moderate_post little_link"><span>Delete</span></a>
+    {{lib.csrf_token()}}
 </form>
 <br/>
 {%if status == 'pending'%}
     <form method="POST" class="moderate_approve" action="{{action}}">
         <input type="hidden" name="approve" value="True"/>
         <a href="" class="moderate_post little_link"><span>Approve</span></a>
+        {{lib.csrf_token()}}
     </form>
     <br/>
 {%endif%}
     <form method="POST" class="moderate_spam" action="{{action}}">
         <input type="hidden" name="spam" value="True"/>
         <a href="" class="moderate_post little_link"><span>Spam</span></a>
+        {{lib.csrf_token()}}
     </form>
 <br/>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/moderate_posts.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/moderate_posts.html b/Allura/allura/templates/widgets/moderate_posts.html
index 25294a3..e06fc12 100644
--- a/Allura/allura/templates/widgets/moderate_posts.html
+++ b/Allura/allura/templates/widgets/moderate_posts.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form {{widget.j2_attrs({'name':name, 'id':id, 'method':method, 'action':action, 'enctype':enctype})}}
       {{attrs|default({}, true)|xmlattr}}>
   <fieldset class="grid-19">
@@ -65,4 +66,5 @@
       {% endfor %}
     </tbody>
   </table>
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/neighborhood_add_project.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/neighborhood_add_project.html b/Allura/allura/templates/widgets/neighborhood_add_project.html
index 5a45019..002b8e4 100644
--- a/Allura/allura/templates/widgets/neighborhood_add_project.html
+++ b/Allura/allura/templates/widgets/neighborhood_add_project.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form action="{{action}}" method="POST">
 
     <div class="welcome">
@@ -76,4 +77,5 @@
     </div>
   {% if widget.antispam %}{% for fld in g.antispam.extra_fields() %}
   {{fld}}{% endfor %}{% endif %}
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/neighborhood_overview_form.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/neighborhood_overview_form.html b/Allura/allura/templates/widgets/neighborhood_overview_form.html
index 6b63d3b..c9d0f9d 100644
--- a/Allura/allura/templates/widgets/neighborhood_overview_form.html
+++ b/Allura/allura/templates/widgets/neighborhood_overview_form.html
@@ -58,4 +58,5 @@
 	</div>
     <label class="grid-4">&nbsp;</label>
     <div class="grid-14"><input type="submit" value="Save"/></div>
+    {{lib.csrf_token()}}
   </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/new_topic_post.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/new_topic_post.html b/Allura/allura/templates/widgets/new_topic_post.html
index 60e31a0..1c03b94 100644
--- a/Allura/allura/templates/widgets/new_topic_post.html
+++ b/Allura/allura/templates/widgets/new_topic_post.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="post" action="{{action}}">
     {% if show_subject %}
     <div class="grid-19">&nbsp;</div>
@@ -46,4 +47,5 @@
     </div>
   {% if widget.antispam %}{% for fld in g.antispam.extra_fields() %}
   {{fld}}{% endfor %}{% endif %}
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/page_size.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/page_size.html b/Allura/allura/templates/widgets/page_size.html
index baed90a..99fc3ac 100644
--- a/Allura/allura/templates/widgets/page_size.html
+++ b/Allura/allura/templates/widgets/page_size.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="get">
   {% for k,v in widget.url_params.iteritems() %}
     <input type="hidden" name="{{k}}" value="{{v}}"/>
@@ -34,4 +35,5 @@
   {% endif %}
   result{% if limit|int != 1 %}s{% endif %} of {{count}} </strong></p>
   {% endif %}
+  {{lib.csrf_token()}}
 </form>
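Review bot: The token added at the end of this form ends up in the query string, because the form opened in the first hunk of this file is declared `<form method="get">` and only carries the hidden `url_params` inputs. A GET form that selects a page size has no state to protect, and the session-bound value will now be copied into browser history, into Referer headers sent to any linked site and into every access log that records the URL. Drop the added `{{lib.csrf_token()}}` line here; if uniformity was the goal, a short comment saying why this GET form has none is enough.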

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/post_widget.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/post_widget.html b/Allura/allura/templates/widgets/post_widget.html
index 2aebd44..f85fc4b 100644
--- a/Allura/allura/templates/widgets/post_widget.html
+++ b/Allura/allura/templates/widgets/post_widget.html
@@ -88,6 +88,7 @@
                     {% endif %}
                 {% endif %}
                 <input type="hidden" name="delete" value="True">
+                {{lib.csrf_token()}}
                 </form>
             </div>
           {% endfor %}
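Review bot: This template calls `lib.csrf_token()` but, unlike the other widget templates in this commit, no `{% import 'allura:templates/jinja_master/lib.html' as lib with context %}` is added to it; if `post_widget.html` does not already import `lib` above this hunk, the delete form will fail to render on an undefined `lib`. Please confirm the import exists, and that it uses `with context`, which the helper needs to reach the session. The enclosing form starts above the hunk.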

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/project_screenshots.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/project_screenshots.html b/Allura/allura/templates/widgets/project_screenshots.html
index 7d3d338..f1c5bca 100644
--- a/Allura/allura/templates/widgets/project_screenshots.html
+++ b/Allura/allura/templates/widgets/project_screenshots.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 {% set screenshots = project.get_screenshots() %}
 {% if screenshots.__len__() > 1 %}
 <p>Drag screenshots to sort.</p>
@@ -36,10 +37,12 @@
         <input type="hidden" value="{{ss._id}}" name="id">
         <input type="text" value="{{ss.caption}}" name="caption"><br>
         <input type="submit" value="Save Changes">
+        {{lib.csrf_token()}}
       </form>
       <form action="delete_screenshot" method="post">
         <input type="hidden" value="{{ss._id}}" name="id">
         <input type="submit" value="Delete">
+        {{lib.csrf_token()}}
       </form>
     </div>
     {% endif %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/search_results.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/search_results.html b/Allura/allura/templates/widgets/search_results.html
index 464dab4..74b9134 100644
--- a/Allura/allura/templates/widgets/search_results.html
+++ b/Allura/allura/templates/widgets/search_results.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="GET" action=".">
   <div class="grid-10">
     <input type="text" name="q" value="{{q}}" class="search-query" title="Search App"/>
@@ -52,6 +53,7 @@
       <input id="search-history" type="checkbox" name="history"{% if history %} checked{% endif %}>
     {% endif %}
   </div>
+  {{lib.csrf_token()}}
 </form>
 <div style="clear:both">&nbsp;</div>
 {% if search_error %}
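Review bot: `{{lib.csrf_token()}}` is being added to a `method="GET" action="."` form (see the `<form>` line in the first hunk of this file), so every search URL will carry the session token. Search is read-only navigation: the token protects nothing here and the value leaks through Referer headers, browser history and access logs. Remove the added line from this form, or switch the form to POST if there is an actual reason to keep the query out of the URL.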

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/subscription_form.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/subscription_form.html b/Allura/allura/templates/widgets/subscription_form.html
index b138c58..45aed2a 100644
--- a/Allura/allura/templates/widgets/subscription_form.html
+++ b/Allura/allura/templates/widgets/subscription_form.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <div {{attrs|default({}, true)|xmlattr}} class="discussion_subscription_form">
   <div class="clear"></div>
   <div class="pagination_size">{{widget.fields['page_list'].display(limit=limit, page=page, count=count)}}</div>
@@ -26,6 +27,7 @@
     <input type="submit" value="Update email subscriptions"/>
     {% endif %}
     </p>
+    {{lib.csrf_token()}}
   </form>
   {{widget.fields['page_list'].display(limit=limit, page=page, count=count)}}
   {{widget.fields['page_size'].display(limit=limit, page=page, count=count)}}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/Allura/allura/templates/widgets/vote.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/vote.html b/Allura/allura/templates/widgets/vote.html
index 06f40d7..c5b5f97 100644
--- a/Allura/allura/templates/widgets/vote.html
+++ b/Allura/allura/templates/widgets/vote.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 {% set can_vote = c.user and c.user != c.user.anonymous()
                   and h.has_access(artifact, 'post')() %}
 {% set voted = artifact.user_voted(c.user) %}
@@ -44,6 +45,7 @@
   {% if can_vote %}
   <form action="{{ action }}" method="POST">
     {# csrf protection will be automatically inserted here (_session_id field) #}
+    {{lib.csrf_token()}}
   </form>
   {% endif %}
 </div>
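Review bot: The comment kept on the line above the new token, `{# csrf protection will be automatically inserted here (_session_id field) #}`, now contradicts the explicit `{{lib.csrf_token()}}` that follows it and will mislead the next reader into believing the field is injected somewhere else. Either delete that comment or replace it with `{# explicit CSRF field; this form has no other inputs #}`. Leaving both in place is exactly the drift this series is meant to remove.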

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeBlog/forgeblog/templates/blog/admin_exfeed.html
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/templates/blog/admin_exfeed.html b/ForgeBlog/forgeblog/templates/blog/admin_exfeed.html
index 9fc417a..e5d7a18 100644
--- a/ForgeBlog/forgeblog/templates/blog/admin_exfeed.html
+++ b/ForgeBlog/forgeblog/templates/blog/admin_exfeed.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="POST" action="{{c.project.url()}}admin/{{app.config.options.mount_point}}/set_exfeed">
   <label class="grid-13">Existing external feeds:</label>
   <div class="grid-13">
@@ -42,4 +43,5 @@
       <input type="submit" value="Save"/>
     </div>
   {% endif %}
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeBlog/forgeblog/templates/blog/post_history.html
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/templates/blog/post_history.html b/ForgeBlog/forgeblog/templates/blog/post_history.html
index fd1efbf..2fb74e8 100644
--- a/ForgeBlog/forgeblog/templates/blog/post_history.html
+++ b/ForgeBlog/forgeblog/templates/blog/post_history.html
@@ -51,5 +51,6 @@
               {% endfor %}
               </tbody>
             </table>
+            {{lib.csrf_token()}}
           </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeBlog/forgeblog/templates/blog_widgets/post_form.html
----------------------------------------------------------------------
diff --git a/ForgeBlog/forgeblog/templates/blog_widgets/post_form.html b/ForgeBlog/forgeblog/templates/blog_widgets/post_form.html
index ecfc16c..66e3b4d 100644
--- a/ForgeBlog/forgeblog/templates/blog_widgets/post_form.html
+++ b/ForgeBlog/forgeblog/templates/blog_widgets/post_form.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <div class="editbox">
 <form method="{{method}}"
       {% if enctype %}enctype="{{enctype}}"{% endif %}
@@ -50,5 +51,6 @@
   </div>
   {% if widget.antispam %}{% for fld in g.antispam.extra_fields() %}
   {{fld}}{% endfor %}{% endif %}
+  {{lib.csrf_token()}}
 </form>
 </div>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum.html
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum.html b/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum.html
index 626b2b3..b483c92 100644
--- a/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum.html
+++ b/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum.html
@@ -48,6 +48,7 @@
       <input type="button" id="add_forum_cancel" value="Cancel">
     </div>
   </div>
+  {{lib.csrf_token()}}
 </form>
 <script type="text/javascript">
     function addLoadEvent(func) {

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum_short.html
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum_short.html b/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum_short.html
index 701022c..273a00e 100644
--- a/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum_short.html
+++ b/ForgeDiscussion/forgediscussion/templates/discussion_widgets/add_forum_short.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="{{method}}" action="{{action}}" enctype="multipart/form-data" id="new_forum_form">
   <input type="hidden" name="add_forum.app_id" value="{{app and app.config._id}}">
   <div class="grid-6">
@@ -47,6 +48,7 @@
     <input type="submit" id="new_forum.create" name="new_forum.create" value="Save">
     <a id="add_forum_cancel" class="btn link">Cancel</a>
   </div>
+  {{lib.csrf_token()}}
 </form>
 <script type="text/javascript">
   {% for field in widget.fields %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html b/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html
index 2284a5d..9b6b3e0 100644
--- a/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html
+++ b/ForgeDiscussion/forgediscussion/templates/discussionforums/admin_forums.html
@@ -17,6 +17,7 @@
        under the License.
 -#}
 {% extends g.theme.master %}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 
 {% block title %}{{c.project.name}} / {{app.config.options.mount_label}} / Admin Forums{% endblock %}
 
@@ -108,6 +109,7 @@
     </tbody>
   </table>
   <div class="grid-19"><input type="button" id="add_forum" value="Add another forum"></div>
+  {{lib.csrf_token()}}
 </form>
 {{c.add_forum.display(method='POST',action='add_forum',app=app, value=c.add_forum)}}
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeDiscussion/forgediscussion/templates/discussionforums/stats_graph.html
----------------------------------------------------------------------
diff --git a/ForgeDiscussion/forgediscussion/templates/discussionforums/stats_graph.html b/ForgeDiscussion/forgediscussion/templates/discussionforums/stats_graph.html
index d702657..2d28448 100644
--- a/ForgeDiscussion/forgediscussion/templates/discussionforums/stats_graph.html
+++ b/ForgeDiscussion/forgediscussion/templates/discussionforums/stats_graph.html
@@ -17,6 +17,7 @@
        under the License.
 -#}
 {% extends g.theme.master %}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 
 {% block title %}{{c.project.name}} / {{c.app.config.options.mount_label}} / Stats{% endblock %}
 
@@ -37,6 +38,7 @@
           >{{forum.name}}</option>
     {% endfor %}
   </select>
+  {{lib.csrf_token()}}
 </form>
 
 <div id="stats-viz-container" class="project_stats">
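Review bot: The `<form>` tag for this form is above the hunk, and a form whose only control is a forum `<select>` feeding a stats view looks like a GET filter; if so, the added `{{lib.csrf_token()}}` writes the session token into the page URL, where it is logged and sent in Referer headers. Confirm the method before merging and drop the token line if the form is GET, since the token adds no protection to a read-only request.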
@@ -100,4 +102,4 @@
     });
   });
 </script>
-{% endblock %}
\ No newline at end of file
+{% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeImporters/forgeimporters/templates/importer_base.html
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/templates/importer_base.html b/ForgeImporters/forgeimporters/templates/importer_base.html
index 16cbae2..b22aa3d 100644
--- a/ForgeImporters/forgeimporters/templates/importer_base.html
+++ b/ForgeImporters/forgeimporters/templates/importer_base.html
@@ -95,5 +95,6 @@
   </div>
 
   <input type="submit" value="Import"/>
+  {{lib.csrf_token()}}
 </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeImporters/forgeimporters/templates/project_base.html
----------------------------------------------------------------------
diff --git a/ForgeImporters/forgeimporters/templates/project_base.html b/ForgeImporters/forgeimporters/templates/project_base.html
index d7863eb..d34c2d1 100644
--- a/ForgeImporters/forgeimporters/templates/project_base.html
+++ b/ForgeImporters/forgeimporters/templates/project_base.html
@@ -148,5 +148,6 @@
     </div>
 
     <input type="submit" value="Import"/>
+    {{lib.csrf_token()}}
 </form>
 {% endblock %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeShortUrl/forgeshorturl/templates/form.html
----------------------------------------------------------------------
diff --git a/ForgeShortUrl/forgeshorturl/templates/form.html b/ForgeShortUrl/forgeshorturl/templates/form.html
index fa39b92..855563c 100644
--- a/ForgeShortUrl/forgeshorturl/templates/form.html
+++ b/ForgeShortUrl/forgeshorturl/templates/form.html
@@ -16,6 +16,8 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
+
 {% set app = app or c.app %}
 <div>
     <h1 id="short-url-form-title" style="display:none"><span id="short-url-form-action-label">Add</span> Short URL</h1>
@@ -35,6 +37,7 @@
         <div class="grid-13"><div class="grid-13">&nbsp;</div>
         <input type="submit" value="Save">
         <a href="#" class="close">Cancel</a></div>
+        {{lib.csrf_token()}}
     </form>
 </div>
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker/admin_fields.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker/admin_fields.html b/ForgeTracker/forgetracker/templates/tracker/admin_fields.html
index b16c8b5..7d6c343 100644
--- a/ForgeTracker/forgetracker/templates/tracker/admin_fields.html
+++ b/ForgeTracker/forgetracker/templates/tracker/admin_fields.html
@@ -44,6 +44,7 @@
         {%endfor%}
         <tr><td><input type="submit" value="Save"></td><td></td></tr>
     </table>
+    {{lib.csrf_token()}}
 </form>
 {% endblock %}
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker/bin.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker/bin.html b/ForgeTracker/forgetracker/templates/tracker/bin.html
index 42121b7..4badd12 100644
--- a/ForgeTracker/forgetracker/templates/tracker/bin.html
+++ b/ForgeTracker/forgetracker/templates/tracker/bin.html
@@ -86,6 +86,7 @@
         <a href="#" class="btn link cancel_edit">Cancel</a>
       {% endif %}
     </div>
+    {{lib.csrf_token()}}
   </form>
 {% endblock %}
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker/milestones.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker/milestones.html b/ForgeTracker/forgetracker/templates/tracker/milestones.html
index e04eb91..7e4a670 100644
--- a/ForgeTracker/forgetracker/templates/tracker/milestones.html
+++ b/ForgeTracker/forgetracker/templates/tracker/milestones.html
@@ -98,6 +98,7 @@
     <input type="submit" value="Save">
     <a href="#" class="btn link cancel_edit">Cancel</a>
   </div>
+  {{lib.csrf_token()}}
   </form>
 {% endblock %}
 

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker/search.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker/search.html b/ForgeTracker/forgetracker/templates/tracker/search.html
index c355f47..a690830 100644
--- a/ForgeTracker/forgetracker/templates/tracker/search.html
+++ b/ForgeTracker/forgetracker/templates/tracker/search.html
@@ -74,6 +74,7 @@
     <input type="button" value="Update Search" id="save_search"/>
   {% endif %}
   <input type="submit" value="Search"/>
+  {{lib.csrf_token()}}
 </form>
 <a href="{{tg.url(c.app.url + 'search_help/')}}" target="_blank" class="btn search_help_modal"><b data-icon="{{g.icons['help'].char}}" class="ico {{g.icons['help'].css}}"></b> Help</a>
 
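Review bot: The `<form>` tag of this search form is outside the hunk so its method is not visible; if it submits with GET, as a form whose only submit control is `Search` usually does, the added `{{lib.csrf_token()}}` places the session token in the query string, visible in Referer headers, browser history and access logs. Please check the method and remove the token line for GET. Only the state-changing `save_search` path, which is driven by a `type="button"` control here, needs CSRF protection, and that is a matter for its handler rather than this form.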

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker_widgets/bin_form.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker_widgets/bin_form.html b/ForgeTracker/forgetracker/templates/tracker_widgets/bin_form.html
index c6f6069..c269a37 100644
--- a/ForgeTracker/forgetracker/templates/tracker_widgets/bin_form.html
+++ b/ForgeTracker/forgetracker/templates/tracker_widgets/bin_form.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}       
 <form method="post" action="{{action}}">
   {% for field in hidden_fields -%}
     {% set ctx=widget.context_for(field) -%}
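Review bot: The new import line carries trailing whitespace (`... as lib with context %}       `), the same kind of noise the `forge_form.html` hunk in this commit cleans up. Trim it so the line reads `{% import 'allura:templates/jinja_master/lib.html' as lib with context %}`.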
@@ -33,4 +34,5 @@
     <input type="submit" value="Save"/>
     <input type="button" value="Cancel" id="cancel_new_bin"/>
   </div>
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker_widgets/mass_edit_form.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker_widgets/mass_edit_form.html b/ForgeTracker/forgetracker/templates/tracker_widgets/mass_edit_form.html
index 666c325..bfeaf15 100644
--- a/ForgeTracker/forgetracker/templates/tracker_widgets/mass_edit_form.html
+++ b/ForgeTracker/forgetracker/templates/tracker_widgets/mass_edit_form.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form id="update-values" method="post" action="../update_tickets">
     {% for field in globals.custom_fields %}
       {% if field.name == '_milestone' %}
@@ -108,4 +109,5 @@
     </div>
     <div class="grid-12" id="result"></div>
     <input name="__search" type="hidden" value="" id="id_search" />
-</form>
\ No newline at end of file
+    {{lib.csrf_token()}}
+</form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html b/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html
index c298e02..2483917 100644
--- a/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html
+++ b/ForgeTracker/forgetracker/templates/tracker_widgets/options_admin.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="{{method}}"
        {% if enctype %}enctype="{{enctype}}"{% endif %}
       action="{{action}}">
@@ -44,4 +45,5 @@
     {% endfor %}
     <a href="#" onclick="window.history.back(); return false;" class="close">Cancel</a>
   </div>
+  {{lib.csrf_token()}}
 </form>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_form.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_form.html b/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_form.html
index 8676159..93f5fcc 100644
--- a/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_form.html
+++ b/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_form.html
@@ -127,4 +127,5 @@
     {{widget.display_field_by_name('submit')|safe}}
     <a href="{{c.app.url}}" class="btn link cancel_form">Cancel</a>
   </div>
+  {{lib.csrf_token()}}
 </form>
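Review bot: No import of `lib` is added to this template, unlike bin_form.html, mass_edit_form.html and options_admin.html in the same commit, each of which gains `{% import 'allura:templates/jinja_master/lib.html' as lib with context %}` ahead of its form. If ticket_form.html does not already bring `lib` into scope higher up (outside the hunk), `{{lib.csrf_token()}}` will fail at render time with an undefined-variable error rather than silently omitting the token. Worth confirming against the top of the file, or adding the same import for consistency with the other widget templates. The enclosing form begins outside the hunk.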

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_search_results.html
----------------------------------------------------------------------
diff --git a/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_search_results.html b/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_search_results.html
index 2c5bb6c..91ee78a 100644
--- a/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_search_results.html
+++ b/ForgeTracker/forgetracker/templates/tracker_widgets/ticket_search_results.html
@@ -17,6 +17,7 @@
        under the License.
 -#}
 {% from 'allura:templates/jinja_master/lib.html' import abbr_date with context %}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <div id="ticket_search_results_holder" style="clear:both">
   {% if solr_error %}<p>{{solr_error}}</p>{% endif %}
   {{widget.fields['page_size'].display(page=page, count=count, limit=limit)}}
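Review bot: lib.html is now imported twice on consecutive lines: the existing `{% from 'allura:templates/jinja_master/lib.html' import abbr_date with context %}` and the new `{% import 'allura:templates/jinja_master/lib.html' as lib with context %}`. One import is enough — `abbr_date` is reachable as `lib.abbr_date` once the module import exists, or the existing line can be extended to `{% from 'allura:templates/jinja_master/lib.html' import abbr_date, csrf_token with context %}` with `{{csrf_token()}}` used in the second hunk. Either form avoids carrying two bindings of the same template.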
@@ -103,6 +104,7 @@
       {% if h.has_access(c.app, 'configure') %}
           <a href="{{c.project.url()}}admin/{{c.app.config.options.mount_point}}/fields">Change field settings permanently.</a>
       {% endif %}
+      {{lib.csrf_token()}}
     </form>
     {{widget.fields['lightbox'].display()}}
   {% endif %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/d778f65a/ForgeWiki/forgewiki/templates/wiki/page_edit.html
----------------------------------------------------------------------
diff --git a/ForgeWiki/forgewiki/templates/wiki/page_edit.html b/ForgeWiki/forgewiki/templates/wiki/page_edit.html
index 1944f54..534527e 100644
--- a/ForgeWiki/forgewiki/templates/wiki/page_edit.html
+++ b/ForgeWiki/forgewiki/templates/wiki/page_edit.html
@@ -17,6 +17,7 @@
        under the License.
 -#}
 {% extends 'forgewiki:templates/wiki/master.html' %}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 
 {% block title %}{{c.project.name}} / {{c.app.config.options.mount_label}} / {{page.title}}{% endblock %}
 
@@ -57,6 +58,7 @@
     <input type="submit" value="Save">
     <input type="reset" value="Cancel">
 	</div>
+    {{lib.csrf_token()}}
 </form>
 <div class="grid-19">
   {{c.attachment_list.display(attachments=page.attachments, edit_mode=page_exists and h.has_access(page, 'edit')())}}