From bdfaf0022aeb124ce92c6edd159a820b4e3f2ad3 Mon Sep 17 00:00:00 2001
From: mikeycgto
Date: Sat, 22 Jun 2013 16:10:47 -0400
Subject: [PATCH] Add csrf_token input to dash, new, and site_files/new views

---
 views/dashboard.slim | 1 +
 views/new.slim | 7 ++++---
 views/site_files/new.slim | 3 ++-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/views/dashboard.slim b/views/dashboard.slim
index 6a59a2df..d30ab1ed 100644
--- a/views/dashboard.slim
+++ b/views/dashboard.slim
@@ -66,6 +66,7 @@ javascript:
 
 h4: a href="/site_files/#{current_site.username}.zip" Download Entire Site
 form method="POST" action="/site_files/delete" id="deleteFilenameForm"
+input name="csrf_token" type="hidden" value="#{csrf_token}"
 input type="hidden" id="deleteFilenameInput" name="filename"
 
 .modal.hide.fade id="deleteConfirmModal" tabindex="-1" role="dialog" aria-labelledby="deleteConfirmModalLabel" aria-hidden="true"
diff --git a/views/new.slim b/views/new.slim
index 7355fa9b..f94b8a69 100644
--- a/views/new.slim
+++ b/views/new.slim
@@ -14,9 +14,10 @@ javascript:
 
 .row
 .span8.offset3
-form method="POST" action="/create"
+form method="POST" action="/create"
+input name="csrf_token" type="hidden" value="#{csrf_token}"
 h2 Create a new Home Page
-
+
 .row
 .span6
 p First, enter a username. This will also be used as your site path.
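Review bot: The hidden field is added as a literal `input name="csrf_token" type="hidden" value="#{csrf_token}"` line, and the identical line is repeated in `views/new.slim` and `views/site_files/new.slim`; a small partial or view helper that renders this one input would keep the field name and escaping in a single place and make it much harder to forget on the next form that is added. The input only carries the token: it protects nothing unless every POST route compares the submitted `csrf_token` with the value held in the session and rejects mismatches, and that check is not part of this commit, so it should be confirmed to exist (or added) before these fields are relied on. The `#{csrf_token}` interpolation is HTML-escaped by Slim by default, so the attribute value itself is fine as written. The `deleteFilenameForm` block is closed within the hunk, but the surrounding view continues past its end.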
Do not forget this, it will be used to sign in to and manage your home page.
It cannot contain spaces, and can only use the following characters: a-z A-Z 0-9 _ -
@@ -71,4 +72,4 @@ javascript:
 
 .row style="margin-top: 10px"
 .span3.offset1
-input.btn.btn-success.btn-large type="submit" value="Create Home Page"
\ No newline at end of file
+input.btn.btn-success.btn-large type="submit" value="Create Home Page"
diff --git a/views/site_files/new.slim b/views/site_files/new.slim
index f53d9447..36ac46f9 100644
--- a/views/site_files/new.slim
+++ b/views/site_files/new.slim
@@ -13,6 +13,7 @@
 .row
 .span12.text-center
 form method="POST" action="/site_files/upload" enctype="multipart/form-data"
+input name="csrf_token" type="hidden" value="#{csrf_token}"
 h4 Select a file from your computer:
 h4: input type="file" name="newfile"
 p: input.btn.btn-success.btn-large type="submit" value="Upload File"
@@ -31,4 +32,4 @@
 h4 If the file already exists, it will be overwritten without warning.
 h4 It has to be legal to share this content in the United States.
 h4 It must fit into your home page space (5MB).
-h4 The file uploader will automatically scrub any characters not matching: a-z A-Z 0-9 _ - .
\ No newline at end of file
+h4 The file uploader will automatically scrub any characters not matching: a-z A-Z 0-9 _ - .
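Review bot: The `form method="POST" action="/create"` line is removed and re-added with identical visible content, and the blank line under `h2 Create a new Home Page` is replaced the same way, so both changes are almost certainly trailing-whitespace cleanup rather than part of the CSRF fix. Bundling whitespace churn into a security change makes the relevant diff harder to audit and to cherry-pick onto other branches; either drop those two pairs from this commit or land them separately so the only visible change here is the new `input name="csrf_token" type="hidden" value="#{csrf_token}"` line. The form block continues past the end of the hunk.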