
add csrf tokens
thraxil committed Feb 8, 2023
1 parent ad6adf4 commit d2a35ad
Showing 7 changed files with 68 additions and 62 deletions.
5 changes: 3 additions & 2 deletions mithras/templates/abraxas/add_post.html
Expand Up @@ -12,8 +12,9 @@

{% block content %}

<form action="." method="post">
{% if node_id %}<input type="hidden" name="node_id" value="{{node_id}}" />{% endif %}
<form action="." method="post">
{% csrf_token %}
{% if node_id %}<input type="hidden" name="node_id" value="{{node_id}}" />{% endif %}
<table>
<tr>
<th>title</th>
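Review bot: The `{% csrf_token %}` added at the top of this form only renders the hidden `csrfmiddlewaretoken` input; a mismatching request is actually rejected only if `django.middleware.csrf.CsrfViewMiddleware` is listed in `MIDDLEWARE` and the receiving view is not decorated with `csrf_exempt`, and neither the settings nor the views are part of this commit. Worth confirming both in the same change, because without the middleware every token added here (comment.html, edit_post.html, node.html, node_confirm_delete.html, pending.html, preview.html) is decorative. The enclosing `{% block content %}` and the form body continue past the hunk.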
9 changes: 5 additions & 4 deletions mithras/templates/abraxas/comment.html
Expand Up @@ -21,10 +21,11 @@ <h2>Reply to: <a href="{{node.get_absolute_url}}">{{ node.title }}</a></h2>
</div>

{% if node.comments_allowed %}
<div id="comment-form">
<form action="{{ node.get_absolute_url }}add_comment/"
method="post" onsubmit="return commentSubmit()">
<input type="hidden" name="reply_to" value="{{ comment.id }}" />
<div id="comment-form">
<form action="{{ node.get_absolute_url }}add_comment/"
method="post" onsubmit="return commentSubmit()">
{% csrf_token %}
<input type="hidden" name="reply_to" value="{{ comment.id }}" />
<textarea name="content" id="comment-textarea"></textarea><br />
<p style="font-size: .8em;">formatting is
with Markdown syntax.
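Review bot: The re-added form tag keeps the inline `onsubmit="return commentSubmit()"` handler, which forces any future Content-Security-Policy for these pages to allow `'unsafe-inline'` for scripts; the same handler is re-added on the new side of node.html and preview.html. Since these lines are being rewritten anyway, binding the handler from a script file (`form.addEventListener('submit', …)`) would let the templates run under a strict CSP — a point of style rather than a defect in the CSRF change itself. The form body continues below the hunk.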
3 changes: 2 additions & 1 deletion mithras/templates/abraxas/edit_post.html
Expand Up @@ -13,7 +13,8 @@

<a href="{% url 'delete-node' node.id %}">Delete</a>

<form action="." method="post">
<form action="." method="post">
{% csrf_token %}
<table>
<tr>
<th>title</th>
98 changes: 49 additions & 49 deletions mithras/templates/abraxas/node.html
Expand Up @@ -6,14 +6,14 @@

{% block breadcrumbs %}

<a href="/">//thraxil.org</a>/<a href="/users/">users</a>/<a href="{{ node.user.get_absolute_url }}">{{ node.user.username }}</a>/<a href="{{ node.user.get_absolute_url }}{{node.type}}s/">{{ node.type }}s</a>/<a href="{{ node.user.get_absolute_url }}{{node.type}}s/{{node.created.year}}/">{{ node.created.year }}</a>/<a href="{{node.user.get_absolute_url}}{{node.type}}s/{{node.created.year}}/{{node.created.month}}/">{{ node.created.month}}</a>/<a href="{{node.user.get_absolute_url}}{{node.type}}s/{{node.created.year}}/{{node.created.month}}/{{node.created.day}}/">{{ node.created.day }}</a>/{{node.slug}}/
<a href="/">//thraxil.org</a>/<a href="/users/">users</a>/<a href="{{ node.user.get_absolute_url }}">{{ node.user.username }}</a>/<a href="{{ node.user.get_absolute_url }}{{node.type}}s/">{{ node.type }}s</a>/<a href="{{ node.user.get_absolute_url }}{{node.type}}s/{{node.created.year}}/">{{ node.created.year }}</a>/<a href="{{node.user.get_absolute_url}}{{node.type}}s/{{node.created.year}}/{{node.created.month}}/">{{ node.created.month}}</a>/<a href="{{node.user.get_absolute_url}}{{node.type}}s/{{node.created.year}}/{{node.created.month}}/{{node.created.day}}/">{{ node.created.day }}</a>/{{node.slug}}/
{% endblock %}

{% block nav %}
{% if not request.user.is_anonymous %}
<a href="/edit_post/{{node.id}}/">edit</a>|
{% endif %}
history
{% if not request.user.is_anonymous %}
<a href="/edit_post/{{node.id}}/">edit</a>|
{% endif %}
history
{% endblock %}

{% block content %}
Expand Down Expand Up @@ -56,50 +56,50 @@ <h3>comments</h3>
{{ comment.body|cmarkdown:"codehilite"|safe }}


{% if comment.has_replies %}
{{ comment.replies_html|safe }}
{% endif %}

</div>
{% endfor %}
</div>
{% endif %}

{% if node.comments_allowed %}
<div id="comment-form">
<form action="{{ node.get_absolute_url }}add_comment/"
method="post" onsubmit="return commentSubmit()">

<input type="text" name="name" value=""
placeholder="if you can see this, leave it blank"
id="name-decoy"
/>

<textarea name="content" id="comment-textarea"></textarea><br />
<p style="font-size: .8em;">formatting is
with Markdown syntax. Comments are not displayed until they are approved by a
moderator. Moderators will not approve unless the comment
contributes value to the discussion.</p>
<table>
<tr><th>name</th><td><input type="text" name="horse"
id="comment-name"/></td><td>required</td></tr>
<tr><th>email</th><td><input type="text" name="email"
id="comment-email"/></td><td>required</td></tr>
<tr><th>url</th><td><input type="text" name="url"
id="comment-url"/></td><td></td></tr>
<tr><th></th><td><input type="checkbox" checked="checked"
name="remember" id="comment-remember"
/>
remember info?
</td><td></td></tr>
</table><br />
<input type="submit" value="preview comment" />
</form>
</div>
<div class="clear"></div>
{% endif %}

</div>
{% if comment.has_replies %}
{{ comment.replies_html|safe }}
{% endif %}

</div>
{% endfor %}
</div>
{% endif %}

{% if node.comments_allowed %}
<div id="comment-form">
<form action="{{ node.get_absolute_url }}add_comment/"
method="post" onsubmit="return commentSubmit()">
{% csrf_token %}
<input type="text" name="name" value=""
placeholder="if you can see this, leave it blank"
id="name-decoy"
/>

<textarea name="content" id="comment-textarea"></textarea><br />
<p style="font-size: .8em;">formatting is
with Markdown syntax. Comments are not displayed until they are approved by a
moderator. Moderators will not approve unless the comment
contributes value to the discussion.</p>
<table>
<tr><th>name</th><td><input type="text" name="horse"
id="comment-name"/></td><td>required</td></tr>
<tr><th>email</th><td><input type="text" name="email"
id="comment-email"/></td><td>required</td></tr>
<tr><th>url</th><td><input type="text" name="url"
id="comment-url"/></td><td></td></tr>
<tr><th></th><td><input type="checkbox" checked="checked"
name="remember" id="comment-remember"
/>
remember info?
</td><td></td></tr>
</table><br />
<input type="submit" value="preview comment" />
</form>
</div>
<div class="clear"></div>
{% endif %}

</div>


{% endblock %}
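Review bot: Of the 98 changed lines in this file the only functional change is `{% csrf_token %}` taking the place of the blank line after the form tag; everything else is a reindentation of the comments block, which hides the security fix in review and in later `git blame`. Committing the reindent separately from the CSRF fix would keep the fix reviewable. Separately, the new side still renders `{{ comment.replies_html|safe }}` (and `cmarkdown … |safe` for the comment body just above the hunk) for user-submitted content; whether that is safe depends on `cmarkdown` and `replies_html` stripping raw HTML, which is not visible here, so it is worth confirming while this template is being touched.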
1 change: 1 addition & 0 deletions mithras/templates/abraxas/node_confirm_delete.html
@@ -1,4 +1,5 @@
<form action="" method="post">{% csrf_token %}
{% csrf_token %}
<p>Are you sure you want to delete "{{ object }}"?</p>
<input type="submit" value="Confirm" />
</form>
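Review bot: The form tag on the first line of this file already contains `{% csrf_token %}`, so the added line renders a second, identical `csrfmiddlewaretoken` hidden input inside the same form. Django reads the field from `request.POST` and both copies carry the same value, so the check should still pass, but the duplicate is noise and suggests this file did not need the change; keeping `<form action="" method="post">` followed by a single `{% csrf_token %}` is cleaner.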
5 changes: 3 additions & 2 deletions mithras/templates/abraxas/pending.html
Expand Up @@ -9,8 +9,9 @@
{% endblock %}

{% block content %}
<form action="delete/" method="post">
<input type="submit" value="delete all pending comments" />
<form action="delete/" method="post">
{% csrf_token %}
<input type="submit" value="delete all pending comments" />
</form>

<table>
9 changes: 5 additions & 4 deletions mithras/templates/abraxas/preview.html
Expand Up @@ -12,10 +12,11 @@ <h1>Preview of Comment:</h1>
{{ content|cmarkdown:"codehilite"|safe }}


<div id="comment-form">
<form action="{{ node.get_absolute_url }}add_comment/"
method="post" onsubmit="return commentSubmit()">
<input type="hidden" name="original_referer" value="{{ original_referer }}" />
<div id="comment-form">
<form action="{{ node.get_absolute_url }}add_comment/"
method="post" onsubmit="return commentSubmit()">
{% csrf_token %}
<input type="hidden" name="original_referer" value="{{ original_referer }}" />
<input type="hidden" name="reply_to" value="{{ reply_to }}" />
<input type="text" name="name" value=""
placeholder="if you can see this, leave it blank"
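Review bot: The new side keeps `<input type="hidden" name="original_referer" value="{{ original_referer }}" />`, a client-supplied URL echoed back through the form; if the receiving view redirects to it after the comment is posted, that target needs validating (for example with Django's `url_has_allowed_host_and_scheme`) — the view is not in this commit, so this is a point to confirm rather than a defect visible here. The token itself is correctly placed inside the form ahead of the hidden inputs. The form continues past the hunk.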
