Mercurial > p > roundup > code

diff website/issues/html/file.item.html @ 5291:f63a2b15e628

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Adding @csrf tokens to all forms using post method.
author John Rouillard <rouilj@ieee.org>
date Sun, 24 Sep 2017 21:17:51 -0400
parents c2d0d3e9099d
children 53e9694788f5
line wrap: on
line diff
--- a/website/issues/html/file.item.html	Sun Sep 24 21:14:12 2017 -0400
+++ b/website/issues/html/file.item.html	Sun Sep 24 21:17:51 2017 -0400
@@ -66,6 +66,8 @@
        tal:attributes="action context/designator"
        tal:condition="python:request.user.hasPermission('SB: May Classify')">
  
+       <input name="@csrf" type="hidden"
+	      tal:attributes="value python:utils.anti_csrf_nonce()">
       <input type="hidden" name="@action" value="spambayes_classify">
       <input type="submit" name="trainspam" value="Mark as SPAM" i18n:attributes="value">
       <input type="submit" name="trainham" value="Mark as HAM (not SPAM)" i18n:attributes="value">
Roundup Issue Tracker: http://roundup-tracker.org/