Mercurial > p > roundup > code
diff share/roundup/templates/devel/html/page.html @ 5207:4a157824f933
changes to try to deploy anti-csrf defense to other templates.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 18 Mar 2017 23:36:02 -0400 |
| parents | 882fa4d9bead |
| children | e2378b6afdb5 |
line wrap: on
line diff
--- a/share/roundup/templates/devel/html/page.html Sat Mar 18 23:34:41 2017 -0400 +++ b/share/roundup/templates/devel/html/page.html Sat Mar 18 23:36:02 2017 -0400 @@ -83,6 +83,8 @@ <input type="submit" class="form-small" value="Show bug:" i18n:attributes="value"/> <input class="form-small" size="4" type="text" name="@number"/> <input type="hidden" name="@type" value="bug"/> + <input name="@csrf" type="hidden" + tal:attributes="value python:utils.anti_csrf_nonce()"> <input type="hidden" name="@action" value="show"/> </form> </li> @@ -128,6 +130,8 @@ <input type="submit" class="form-small" value="Show task:" i18n:attributes="value"/> <input class="form-small" size="4" type="text" name="@number"/> <input type="hidden" name="@type" value="task"/> + <input name="@csrf" type="hidden" + tal:attributes="value python:utils.anti_csrf_nonce()"> <input type="hidden" name="@action" value="show"/> </form> </li> @@ -160,6 +164,8 @@ <tal:span i18n:translate="">Login</tal:span><br/> <input size="10" name="__login_name"/><br/> <input size="10" type="password" name="__login_password"/><br/> + <input name="@csrf" type="hidden" + tal:attributes="value python:utils.anti_csrf_nonce()"> <input type="hidden" name="@action" value="Login"/> <input type="checkbox" name="remember" id="remember"/> <label for="remember" i18n:translate="">Remember me?</label><br/>