Browse files

Make all of the forms actually work

From the point where we moved to Rails, the forms weren't working
outside of automated tests. This is because we didn't have the CSRF
token set inside each form, but - unless you were paying close attention
- it looked like it had succeeded because the CSRF error triggered
an OAuth loop which ended in the user being shown the homepage, rather
than any kind of error.

By using the form_tag helper, we get the CSRF token (authenticity_token)
and UTF8 detection magic to boot.
  • Loading branch information...
1 parent 52f2cd3 commit 7fe02768431153e5288d52bece51ed0c0d7302a3 @jamiecobbett jamiecobbett committed Oct 30, 2012
Showing with 2 additions and 3 deletions.
  1. +2 −3 app/views/layouts/formlayout.erb
5 app/views/layouts/formlayout.erb
@@ -20,15 +20,14 @@
<div id="form" role="main">
<%= render @header_message %>
- <form name="input" method="post" enctype="multipart/form-data">
+ <%= form_tag "" do %>
<%= render "author" %>
<%= yield %>
<input id="submit" type="submit" value="Submit">
- </form>
+ <% end %>
<div class="toclear"></div>

0 comments on commit 7fe0276

Please sign in to comment.