Issue
91
attachment: CSRF-1.2-style.diff
(5.0 KB)
diff -r 1097639b3aa1 -r 6beca1ba595b forum/templates/forum/newthread.html
--- a/forum/templates/forum/newthread.html Mon Oct 18 10:52:34 2010 +0200
+++ b/forum/templates/forum/newthread.html Mon Oct 18 12:12:36 2010 +0200
@@ -16,7 +16,7 @@
{% block content %}
<h2>{% trans "Create a Thread" %}</h2>
-<form method='post' action='./'>
+<form method='post' action='./'>{% csrf_token %}
{% if form.errors %}<ul>{{ form.errors.as_ul }}</ul>{% endif %}
<p><label>{% trans "Posting As" %}</label><span>{{ user.username }}</span></p>
{{ form.as_p }}
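Review bot: `{% csrf_token %}` on the new form line only emits the hidden input when a `csrf_token` variable is present in the template context; rendered from a plain dict without `RequestContext`, the tag silently outputs nothing and every POST to this form is rejected with 403 once `CsrfViewMiddleware` is active. The view that renders this template (in forum/views.py) therefore has to either render with `RequestContext(request)` or merge `csrf(request)` directly into the context dict (`ctx.update(csrf(request))`), not under a nested key. The `{% block content %}` enclosing this form starts before the hunk, and the form's closing tag and submit button lie after it.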
diff -r 1097639b3aa1 -r 6beca1ba595b forum/templates/forum/reply.html
--- a/forum/templates/forum/reply.html Mon Oct 18 10:52:34 2010 +0200
+++ b/forum/templates/forum/reply.html Mon Oct 18 12:12:36 2010 +0200
@@ -11,7 +11,7 @@
{% block content %}
<h2>{% trans "Reply to Thread" %}</h2>
-<form method='post' action='./'>
+<form method='post' action='./'>{% csrf_token %}
{% if form.errors %}<ul>{{ form.errors.as_ul }}</ul>{% endif %}
<p><label>{% trans "Posting As" %}</label><span>{{ user.username }}</span></p>
{{ form.as_p }}
diff -r 1097639b3aa1 -r 6beca1ba595b forum/templates/forum/thread.html
--- a/forum/templates/forum/thread.html Mon Oct 18 10:52:34 2010 +0200
+++ b/forum/templates/forum/thread.html Mon Oct 18 12:12:36 2010 +0200
@@ -36,7 +36,7 @@
<p>{% trans "Sorry, this thread is closed. No further replies are permitted." %}</p>
{% else %}
{% if user.is_authenticated %}
-<form method='post' action='reply/'>
+<form method='post' action='reply/'>{% csrf_token %}
<p><label>{% trans "Posting As" %}</label><span>{{ user.username }}</span></p>
{{ form.as_p }}
<input type='submit' value='{% trans "Submit" %}' />
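Review bot: The inline reply form here posts to `reply/` but is rendered by the thread view, so the token for this form has to come from `thread()`'s context, not from the reply view; worth confirming that `thread()` in forum/views.py exposes `csrf_token` at the top level of the context it renders with. The `{% if user.is_authenticated %}` guard only hides the form from anonymous users and is not a substitute for server-side enforcement — the POST handler still relies on `CsrfViewMiddleware` (or `@csrf_protect`) being active. The enclosing `{% else %}` branch and the form's closing tag are outside the hunk.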
diff -r 1097639b3aa1 -r 6beca1ba595b forum/templates/forum/thread_list.html
--- a/forum/templates/forum/thread_list.html Mon Oct 18 10:52:34 2010 +0200
+++ b/forum/templates/forum/thread_list.html Mon Oct 18 12:12:36 2010 +0200
@@ -68,7 +68,7 @@
<h2>{% trans "Create a Thread" %}</h2>
{% if user.is_authenticated %}
-<form method='post' action='new/'>
+<form method='post' action='new/'>{% csrf_token %}
<p><label>{% trans "Posting As" %}</label><span>{{ user.username }}</span></p>
{{ form.as_p }}
<p><input type='submit' value='{% trans "Post" %}' /></p>
diff -r 1097639b3aa1 -r 6beca1ba595b forum/templates/forum/updatesubs.html
--- a/forum/templates/forum/updatesubs.html Mon Oct 18 10:52:34 2010 +0200
+++ b/forum/templates/forum/updatesubs.html Mon Oct 18 12:12:36 2010 +0200
@@ -10,7 +10,7 @@
{% if not subs %}
<p>{% trans "No subscriptions." %}</p>
{% else %}
-<form method='post' action='./'>
+<form method='post' action='./'>{% csrf_token %}
<table id='djangoForumThreadList'>
<tr>
diff -r 1097639b3aa1 -r 6beca1ba595b forum/views.py
--- a/forum/views.py Mon Oct 18 10:52:34 2010 +0200
+++ b/forum/views.py Mon Oct 18 12:12:36 2010 +0200
@@ -15,6 +15,7 @@
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext as _
from django.views.generic.list_detail import object_list
+from django.core.context_processors import csrf
from forum.models import Forum,Thread,Post,Subscription
from forum.forms import CreateThreadForm, ReplyForm
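Review bot: This import lets the views produce a token, but nothing in the patch enforces validation: the forum's POST views are protected only if the host project has `django.middleware.csrf.CsrfViewMiddleware` enabled. For a reusable component I would add `from django.views.decorators.csrf import csrf_protect` here and decorate `forum`, `thread`, `reply`, the thread-creation view and the subscription view, so the check does not depend on project settings (Django 1.2 ships both). Minor style point: the new line sits after the `django.views.generic` import rather than with the other `django.core` imports.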
@@ -37,6 +38,8 @@
f = Forum.objects.for_groups(request.user.groups.all()).select_related().get(slug=slug)
except Forum.DoesNotExist:
raise Http404
+ c = {}
+ c.update(csrf(request))
form = CreateThreadForm()
child_forums = f.child.for_groups(request.user.groups.all())
@@ -49,6 +52,7 @@
'forum': f,
'child_forums': child_forums,
'form': form,
+ 'csrf': c,
})
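Review bot: `'csrf': c` on the added line stores the token under a nested key, but `{% csrf_token %}` looks up `csrf_token` at the top level of the context, so the template renders an empty tag and POSTs to this view's forms will fail the middleware check. Merge the processor output into the context dict instead: drop `'csrf': c,`, build the dict into a local, and call `ctx.update(csrf(request))` before rendering (or pass `context_instance=RequestContext(request)`, which in Django 1.2 adds `csrf_token` automatically). The render call and the start of the context dict are above this hunk, so I cannot see which render helper is used; if it is `render_to_response`, the `RequestContext` form is the smaller change.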
def thread(request, thread):
@@ -62,6 +66,8 @@
raise Http404
except Thread.DoesNotExist:
raise Http404
+ c = {}
+ c.update(csrf(request))
p = t.post_set.select_related('author').all().order_by('time')
s = None
@@ -88,6 +94,7 @@
'thread': t,
'subscription': s,
'form': form,
+ 'csrf': c,
})
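Review bot: The added `'csrf': c,` nests the token under `csrf`, while `{% csrf_token %}` in thread.html reads `csrf_token` from the top level of the context, so the inline reply form on this page will be rendered without a token. Either `ctx.update(csrf(request))` on the dict passed to the renderer or `context_instance=RequestContext(request)` fixes it; the nested key can then go. The dict and the render call begin above this hunk, inside `thread()`.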
def reply(request, thread):
@@ -102,6 +109,8 @@
return HttpResponseServerError()
if not Forum.objects.has_access(t.forum, request.user.groups.all()):
return HttpResponseForbidden()
+ c = {}
+ c.update(csrf(request))
if request.method == "POST":
form = ReplyForm(request.POST)
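Review bot: `c` is built before the POST branch, but this hunk does not show it reaching any response; if `reply()` re-renders reply.html on a GET or on a form error, `csrf_token` must be present at the top level of that context or the resubmission will 403. Building the token dict before the request-method check is harmless, yet the five-fold `c = {}; c.update(csrf(request))` pattern across the views suggests rendering with `RequestContext(request)` once instead of threading a dict through each view. The body of `reply()` continues below the hunk.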
@@ -180,6 +189,8 @@
return HttpResponseRedirect('%s?next=%s' % (LOGIN_URL, request.path))
f = get_object_or_404(Forum, slug=forum)
+ c = {}
+ c.update(csrf(request))
if not Forum.objects.has_access(f, request.user.groups.all()):
return HttpResponseForbidden()
@@ -223,6 +234,8 @@
"""
if not request.user.is_authenticated():
return HttpResponseRedirect('%s?next=%s' % (LOGIN_URL, request.path))
+ c = {}
+ c.update(csrf(request))
subs = Subscription.objects.select_related().filter(author=request.user)