
CSRF protection

1 parent e1e5a2c commit 1a16fa05c597f5ad69a7577965cf5e102326c6fc myfreeweb committed
Showing with 6 additions and 0 deletions.
  1. +1 −0 Gemfile
  2. +3 −0 Gemfile.lock
  3. +1 −0 views/pages.haml
  4. +1 −0 views/settings.haml
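--- a/Gemfile
+++ b/Gemfile
@@ -5,6 +5,7 @@ gem 'compass'
 gem 'dropbox'
 gem 'sequel'
 gem 'rack-flash'
+gem 'rack_csrf'
 gem 'rdiscount'
 gem 'RedCloth'
 group :development do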
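Review bot: Adding `gem 'rack_csrf'` only makes the library loadable; none of the four files in this commit registers the middleware or defines the `csrf_tag` helper that the two views now call. Unless the application file already has both, the token is never verified on POST, and rendering the views would fail on the undefined helper. The app needs sessions enabled before the middleware, then `use Rack::Csrf, :raise => true`, plus a helper along the lines of `def csrf_tag; Rack::Csrf.csrf_tag(env); end`. The `group :development` block continues outside the hunk.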
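--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -22,6 +22,8 @@ GEM
 rack (1.2.1)
 rack-flash (0.1.1)
 rack
+ rack_csrf (2.1.0)
+ rack (>= 0.9)
 rdiscount (1.6.8)
 ruby-debug (0.10.4)
 columnize (>= 0.1)
@@ -47,6 +49,7 @@ DEPENDENCIES
 haml
 pg
 rack-flash
+ rack_csrf
 rdiscount
 ruby-debug
 sequel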
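--- a/views/pages.haml
+++ b/views/pages.haml
@@ -19,6 +19,7 @@
 %a{:href => "/pages/#{@cur_page[:name]}/delete"} delete
 %section#body= wikify(@cur_page)
 %form{:method => "post", :action => ""}
+ = csrf_tag
 %textarea{:name => "text"}= @cur_page[:text]
 %button{:type => "submit"} Save
 = haml :js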
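Review bot: The `delete` link just above the newly protected form is still a plain anchor to `/pages/<name>/delete`, so the deletion is presumably triggered by a GET request, which Rack::Csrf does not check by default. If that route deletes on GET, the action stays outside the token check despite the new `= csrf_tag`. Replace the anchor with a small POST form, `%form{:method => "post", :action => "/pages/#{@cur_page[:name]}/delete"}` containing `= csrf_tag` and `%button{:type => "submit"} delete`, and make the route accept POST only. The template continues outside the hunk on both sides, and its original indentation is not recoverable from this page.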
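--- a/views/settings.haml
+++ b/views/settings.haml
@@ -7,6 +7,7 @@
 = haml :header
 %h1 Settings
 %form{:method => "post", :action => ""}
+ = csrf_tag
 %label{:for => "folder"} Folder
 %input{:name => "folder", :type => "text", :value => @user.folder}
 %label{:for => "indexfile"}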
