Posted to commits@allura.apache.org by tv...@apache.org on 2013/12/05 23:17:11 UTC
[4/9] git commit: [#5475] ticket:472 JS CSFR protecion has moved to
csfr_token Jinja macro
[#5475] ticket:472 JS CSRF protection has moved to csrf_token Jinja macro
Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/127ea61f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/127ea61f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/127ea61f
Branch: refs/heads/tv/6941
Commit: 127ea61f69d6994ccd6e085ed687a0a6486439c7
Parents: 6449dbb
Author: Andrej Aleksandrov <pi...@gmail.com>
Authored: Thu Nov 7 10:52:00 2013 +0200
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Wed Dec 4 15:35:11 2013 +0000
----------------------------------------------------------------------
Allura/allura/public/nf/js/allura-base.js | 4 ----
Allura/allura/templates/jinja_master/lib.html | 7 +++++++
Allura/allura/templates/widgets/forge_form.html | 2 ++
3 files changed, 9 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/127ea61f/Allura/allura/public/nf/js/allura-base.js
----------------------------------------------------------------------
diff --git a/Allura/allura/public/nf/js/allura-base.js b/Allura/allura/public/nf/js/allura-base.js
index 5973609..e6e205e 100644
--- a/Allura/allura/public/nf/js/allura-base.js
+++ b/Allura/allura/public/nf/js/allura-base.js
@@ -213,10 +213,6 @@ $(function(){
}
});
- // Provide CSRF protection
- var cval = $.cookie('_session_id');
- $('form[method=post]').append('<input name="_session_id" type="hidden" value="'+cval+'">');
-
var SN_ID=0, SN_VIEWS=1, SN_CLOSED=2;
$('#site-notification .btn-close').click(function(e) {
var $note = $(this).parent();
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/127ea61f/Allura/allura/templates/jinja_master/lib.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/jinja_master/lib.html b/Allura/allura/templates/jinja_master/lib.html
index 8f6ddf2..4162368 100644
--- a/Allura/allura/templates/jinja_master/lib.html
+++ b/Allura/allura/templates/jinja_master/lib.html
@@ -16,6 +16,13 @@
specific language governing permissions and limitations
under the License.
-#}
+
+{% macro csrf_token() -%}
+ {% if request %}
+ <input name="_session_id" type="hidden" value="{{request.cookies['_session_id']}}">
+ {% endif %}
+{%- endmacro %}
+
{% macro related_artifacts(artifact) -%}
{% set related_artifacts = artifact.related_artifacts() %}
{% if related_artifacts %}
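Review bot: The `csrf_token` macro writes `request.cookies['_session_id']` straight into the `value` attribute without handling a missing cookie or making the escaping explicit. When the cookie is absent the subscript presumably yields Jinja's undefined, so the form is rendered with an empty token (or fails under a strict undefined policy), and whether the value is HTML-escaped depends on autoescape being enabled for this template, which is not visible here. Assuming `request.cookies` is dict-like, `value="{{ request.cookies.get('_session_id', '')|e }}"` covers both cases. Since the token is now part of the server-rendered markup instead of being added in the browser, a comment on the macro such as `{# emits a per-session value: pages using this macro must not be stored by shared caches #}` would record the constraint for template authors.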
http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/127ea61f/Allura/allura/templates/widgets/forge_form.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/forge_form.html b/Allura/allura/templates/widgets/forge_form.html
index adbc01c..de20c42 100644
--- a/Allura/allura/templates/widgets/forge_form.html
+++ b/Allura/allura/templates/widgets/forge_form.html
@@ -16,6 +16,7 @@
specific language governing permissions and limitations
under the License.
-#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
<form method="{{method}}"
{% if enctype %}enctype="{{enctype}}"{% endif %}
{% if target %}target="{{target}}"{% endif %}
@@ -53,4 +54,5 @@
{% endif %}
{% if widget.antispam %}{% for fld in g.antispam.extra_fields() %}
{{fld}}{% endfor %}{% endif %}
+ {{lib.csrf_token()}}
</form>
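Review bot: `{{lib.csrf_token()}}` is emitted for every form this widget renders, whereas the script removed from allura-base.js only touched `form[method=post]`. When the widget is rendered with `method` set to GET, the `_session_id` value is submitted in the query string, where it can end up in server logs, browser history and Referer headers. Guarding the call keeps the old scope: `{% if method|lower == 'post' %}{{lib.csrf_token()}}{% endif %}`. POST forms written by hand in other templates also lose the field now that the script is gone, so they need the macro added explicitly; whether that happens elsewhere in this series is not visible from this commit.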