zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-04-25 01:32:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add csrf_token input to dash, new, and site_files/new views

Browse source
This commit is contained in:
mikeycgto 2013-06-22 16:10:47 -04:00
parent 751a668725
commit bdfaf0022a
3 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
views/dashboard.slim
View file

@ -66,6 +66,7 @@ javascript:
h4: a href="/site_files/#{current_site.username}.zip" Download Entire Site h4: a href="/site_files/#{current_site.username}.zip" Download Entire Site
form method="POST" action="/site_files/delete" id="deleteFilenameForm" form method="POST" action="/site_files/delete" id="deleteFilenameForm"
input name="csrf_token" type="hidden" value="#{csrf_token}"
input type="hidden" id="deleteFilenameInput" name="filename" input type="hidden" id="deleteFilenameInput" name="filename"
.modal.hide.fade id="deleteConfirmModal" tabindex="-1" role="dialog" aria-labelledby="deleteConfirmModalLabel" aria-hidden="true" .modal.hide.fade id="deleteConfirmModal" tabindex="-1" role="dialog" aria-labelledby="deleteConfirmModalLabel" aria-hidden="true"

1
views/new.slim
View file

@ -15,6 +15,7 @@ javascript:
.row .row
.span8.offset3 .span8.offset3
form method="POST" action="/create" form method="POST" action="/create"
input name="csrf_token" type="hidden" value="#{csrf_token}"
h2 Create a new Home Page h2 Create a new Home Page
.row .row

1
views/site_files/new.slim
View file

@ -13,6 +13,7 @@
.row .row
.span12.text-center .span12.text-center
form method="POST" action="/site_files/upload" enctype="multipart/form-data" form method="POST" action="/site_files/upload" enctype="multipart/form-data"
input name="csrf_token" type="hidden" value="#{csrf_token}"
h4 Select a file from your computer: h4 Select a file from your computer:
h4: input type="file" name="newfile" h4: input type="file" name="newfile"
p: input.btn.btn-success.btn-large type="submit" value="Upload File" p: input.btn.btn-success.btn-large type="submit" value="Upload File"