Add csrf_token input to dash, new, and site_files/new views

2025-04-24 17:22:35 +02:00 · 2013-06-22 16:10:47 -04:00 · 2013-06-22 16:10:47 -04:00 · bdfaf0022a
commit bdfaf0022a
parent 751a668725
3 changed files with 7 additions and 4 deletions
--- a/views/dashboard.slim
+++ b/views/dashboard.slim
@ -66,6 +66,7 @@ javascript:
        h4: a href="/site_files/#{current_site.username}.zip" Download Entire Site

 form method="POST" action="/site_files/delete" id="deleteFilenameForm"
+  input name="csrf_token" type="hidden" value="#{csrf_token}"
  input type="hidden" id="deleteFilenameInput" name="filename"

 .modal.hide.fade id="deleteConfirmModal" tabindex="-1" role="dialog" aria-labelledby="deleteConfirmModalLabel" aria-hidden="true"
--- a/views/new.slim
+++ b/views/new.slim
@ -14,9 +14,10 @@ javascript:

 .row
  .span8.offset3
-    form method="POST" action="/create"    
+    form method="POST" action="/create"
+      input name="csrf_token" type="hidden" value="#{csrf_token}"
      h2 Create a new Home Page
-    
+
      .row
        .span6
          p First, enter a username. This will also be used as your site path.<br><b>Do not forget this, it will be used to sign in to and manage your home page.</b><br>It cannot contain spaces, and can only use the following characters: a-z A-Z 0-9 _ -
@ -71,4 +72,4 @@ javascript:

      .row style="margin-top: 10px"
        .span3.offset1
-          input.btn.btn-success.btn-large type="submit" value="Create Home Page"
+          input.btn.btn-success.btn-large type="submit" value="Create Home Page"
--- a/views/site_files/new.slim
+++ b/views/site_files/new.slim
@ -13,6 +13,7 @@
 .row
  .span12.text-center
    form method="POST" action="/site_files/upload" enctype="multipart/form-data"
+      input name="csrf_token" type="hidden" value="#{csrf_token}"
      h4 Select a file from your computer:
      h4: input type="file" name="newfile"
      p: input.btn.btn-success.btn-large type="submit" value="Upload File"
@ -31,4 +32,4 @@
      h4 If the file already exists, <u><b>it will be overwritten without warning</b></u>.
      h4 It has to be <u>legal to share this content in the United States</u>.
      h4 It must fit into your home page space (5MB).
-      h4 The file uploader will automatically scrub any characters not matching: a-z A-Z 0-9 _ - .
+      h4 The file uploader will automatically scrub any characters not matching: a-z A-Z 0-9 _ - .