diff --git a/CHANGELOG.md b/CHANGELOG.md index 745e6591813cf9192112409f22252d9a9e64d394..8be04fba1b4de9db94cdd54ae87988894df78d22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Added csrf inputs in template forms. + ### Changed - Updated minimum CKAN version requirement from `2.9` to `2.10`. Please run `ckan db upgrade` after updating. diff --git a/ckanext/odsh/templates/organization/snippets/organization_form.html b/ckanext/odsh/templates/organization/snippets/organization_form.html index a14c122168039edefcc90ee433631a25bd3d2cad..96f35243de5703483faf7a77304476288fae7b66 100644 --- a/ckanext/odsh/templates/organization/snippets/organization_form.html +++ b/ckanext/odsh/templates/organization/snippets/organization_form.html @@ -1,6 +1,7 @@ {% import 'macros/form.html' as form %} <form id='organization-edit-form' class="dataset-form form-horizontal" method="post" data-module="basic-form" enctype="multipart/form-data"> + {{ h.csrf_input() }} {% block error_summary %} {{ form.errors(error_summary) }} {% endblock %} diff --git a/ckanext/odsh/templates/package/snippets/package_form.html b/ckanext/odsh/templates/package/snippets/package_form.html index 36005089eb2dd40a0bc7c92d24cbc0e419d3615c..c3c08cb4f9e95ee7c4f1d7d41a20a858e146d776 100644 --- a/ckanext/odsh/templates/package/snippets/package_form.html +++ b/ckanext/odsh/templates/package/snippets/package_form.html @@ -4,6 +4,7 @@ <form id="dataset-edit" class="dataset-form {% if(form_style=='edit') %} dataset-edit-form {%endif%} " method="post" action="{{ action }}" data-module="basic-form" novalidate> + {{ h.csrf_input() }} {% block stages %} {{ h.snippet('package/snippets/stages.html', stages=stage) }} {% endblock %} diff --git a/ckanext/odsh/templates/package/snippets/resource_form.html b/ckanext/odsh/templates/package/snippets/resource_form.html index fb3f99da26600dad2dde9bea8327f385ae176a6c..5adc1346d6032eeb8a1feb4a8d50a982772abe7e 100644 --- a/ckanext/odsh/templates/package/snippets/resource_form.html +++ b/ckanext/odsh/templates/package/snippets/resource_form.html @@ -6,7 +6,8 @@ {% set action = form_action or h.url_for('resource.new', id=pkg_name) %} <form id="resource-edit" class="dataset-form dataset-resource-form {%if(data)%}resource-edit-form{%endif%}" method="post" action="{{ action }}" data-module="basic-form resource-form" enctype="multipart/form-data" novalidate> - {% block stages %} + {{ h.csrf_input() }} + {% block stages %} <div class='search-form'> <h2>{{ _('odsh Create Dataset') }}</h2> </div> diff --git a/ckanext/odsh/templates/user/edit_user_form.html b/ckanext/odsh/templates/user/edit_user_form.html index 3ed5777bdcc949c347d79c70391f12a5b9560b32..f288f1d919e4c3522f82e88654ad84488ffa9a49 100644 --- a/ckanext/odsh/templates/user/edit_user_form.html +++ b/ckanext/odsh/templates/user/edit_user_form.html @@ -1,6 +1,7 @@ {% import 'macros/form.html' as form %} <form id="user-edit-form" class="dataset-form form-horizontal" method="post" action="{{ action }}"> + {{ h.csrf_input() }} {{ form.errors(error_summary) }} <fieldset>