CSRF tokens now added to the forms

brettgoulder · Mar 3, 2010 · 1cf5102 · 1cf5102
1 parent a56f5e1
commit 1cf5102
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/smuggler/templates/smuggler/load_data_form.html b/smuggler/templates/smuggler/load_data_form.html
@@ -30,6 +30,7 @@ <h1>{% trans "Load data" %}</h1>
 
 <div>
   <form enctype="multipart/form-data" method="post" action="">
+    {% csrf_token %}
     <div>
       {% if import_file_form.errors %}
         <p class="errornote">{% trans "Please correct the error below." %}</p>
@@ -68,6 +69,7 @@ <h1>{% trans "Load data" %}</h1>
   {% if files_available %}
     <div>
       <form method="post" action="">
+        {% csrf_token %}
         <div class="inline-group">
           {% comment %}
             # TODO: implement this error message

diff --git a/smuggler/views.py b/smuggler/views.py
@@ -89,8 +89,9 @@ def load_data(request):
                     file_data = uploaded_file.read()
                 data.append((file_format, file_data))
         elif request.POST.has_key('_loadfromdisk'):
-            query_dict = request.POST.copy()
+            query_dict = request.POST.copy()        
             del(query_dict['_loadfromdisk'])
+            del(query_dict['csrfmiddlewaretoken'])
             selected_files = query_dict.values()
             for file_name in selected_files:
                 file_path = os.path.join(SMUGGLER_FIXTURE_DIR, file_name)