Update default form rendering templates to be compatible with

zope.formlib's CSRF protection (still on a branch).
zopefoundation · Oct 4, 2013 · a5eda97 · a5eda97
1 parent 8836b5d
commit a5eda97
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/buildout.cfg b/buildout.cfg
@@ -1,5 +1,7 @@
 [buildout]
-develop = .
+develop =
+  .
+  ../zope.formlib-csrfprotection
 parts = interpreter test
 extends = https://raw.github.com/zopefoundation/groktoolkit/master/grok.cfg
 versions = versions
@@ -8,6 +10,7 @@ extensions = buildout.dumppickedversions
 
 [versions]
 grokcore.formlib =
+zope.formlib =
 
 [interpreter]
 recipe = zc.recipe.egg

diff --git a/src/grokcore/formlib/templates/default_display_form.pt b/src/grokcore/formlib/templates/default_display_form.pt
@@ -26,7 +26,12 @@
     <tfoot>
       <tr class="controls">
         <td colspan="2" class="align-right">
-          <input tal:repeat="action view/actions" 
+          <input type="hidden"
+            name="___csrftoken__"
+            tal:condition="view/protected"
+            tal:attributes="value view/csrftoken"
+          />
+          <input tal:repeat="action view/actions"
             tal:replace="structure action/render" />
         </td>
       </tr>

diff --git a/src/grokcore/formlib/templates/default_edit_form.pt b/src/grokcore/formlib/templates/default_edit_form.pt
@@ -57,6 +57,11 @@
   </table>
 
   <div id="actionsView">
+    <input type="hidden"
+      name="___csrftoken__"
+      tal:condition="view/protected"
+      tal:attributes="value view/csrftoken"
+    />
     <span class="actionButtons" tal:condition="view/availableActions">
       <input tal:repeat="action view/actions"
              tal:replace="structure action/render"