From 28d108332c4a970d1b4d204c21ea80d0b5502d91 Mon Sep 17 00:00:00 2001
From: Thorge Petersen <petersen@rz.uni-kiel.de>
Date: Wed, 26 Jul 2023 13:14:16 +0200
Subject: [PATCH] Added csrf inputs in template forms.
---
 CHANGELOG.md | 4 ++++
 .../templates/organization/snippets/organization_form.html | 1 +
 ckanext/odsh/templates/package/snippets/package_form.html | 1 +
 ckanext/odsh/templates/package/snippets/resource_form.html | 3 ++-
 ckanext/odsh/templates/user/edit_user_form.html | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 745e6591..8be04fba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Added
+
+- Added csrf inputs in template forms.
+
 ### Changed
 - Updated minimum CKAN version requirement from `2.9` to `2.10`. Please run `ckan db upgrade` after updating.
diff --git a/ckanext/odsh/templates/organization/snippets/organization_form.html b/ckanext/odsh/templates/organization/snippets/organization_form.html
index a14c1221..96f35243 100644
--- a/ckanext/odsh/templates/organization/snippets/organization_form.html
+++ b/ckanext/odsh/templates/organization/snippets/organization_form.html
@@ -1,6 +1,7 @@
 {% import 'macros/form.html' as form %}
 <form id='organization-edit-form' class="dataset-form form-horizontal" method="post" data-module="basic-form" enctype="multipart/form-data">
+ {{ h.csrf_input() }}
 {% block error_summary %}
 {{ form.errors(error_summary) }}
 {% endblock %}
diff --git a/ckanext/odsh/templates/package/snippets/package_form.html b/ckanext/odsh/templates/package/snippets/package_form.html
index 36005089..c3c08cb4 100644
--- a/ckanext/odsh/templates/package/snippets/package_form.html
+++ b/ckanext/odsh/templates/package/snippets/package_form.html
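Review bot: Nothing in this patch shows or tests that the token rendered by `{{ h.csrf_input() }}` in `organization_form.html` is enforced server-side, and the same gap applies to the `package_form.html`, `resource_form.html` and `edit_user_form.html` hunks. These forms appear to post to CKAN core views, which 2.10 protects, but views registered by this extension's own blueprints stay exempt unless `ckan.csrf_protection.ignore_extensions` is set to `false`, so that setting should be confirmed for the deployment. A test per form asserting that a POST without the token is rejected would pin the behaviour. I would also add a template comment above each inserted line, `{# CSRF token, required by CKAN >= 2.10; keep outside overridable blocks so child templates cannot drop it #}`.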
@@ -4,6 +4,7 @@
 <form id="dataset-edit" class="dataset-form {% if(form_style=='edit') %} dataset-edit-form {%endif%} " method="post" action="{{ action }}" data-module="basic-form" novalidate>
+ {{ h.csrf_input() }}
 {% block stages %}
 {{ h.snippet('package/snippets/stages.html', stages=stage) }}
 {% endblock %}
diff --git a/ckanext/odsh/templates/package/snippets/resource_form.html b/ckanext/odsh/templates/package/snippets/resource_form.html
index fb3f99da..5adc1346 100644
--- a/ckanext/odsh/templates/package/snippets/resource_form.html
+++ b/ckanext/odsh/templates/package/snippets/resource_form.html
@@ -6,7 +6,8 @@
 {% set action = form_action or h.url_for('resource.new', id=pkg_name) %}
 <form id="resource-edit" class="dataset-form dataset-resource-form {%if(data)%}resource-edit-form{%endif%}" method="post" action="{{ action }}" data-module="basic-form resource-form" enctype="multipart/form-data" novalidate>
- {% block stages %}
+ {{ h.csrf_input() }}
+ {% block stages %}
 <div class='search-form'>
 <h2>{{ _('odsh Create Dataset') }}</h2>
 </div>
diff --git a/ckanext/odsh/templates/user/edit_user_form.html b/ckanext/odsh/templates/user/edit_user_form.html
index 3ed5777b..f288f1d9 100644
--- a/ckanext/odsh/templates/user/edit_user_form.html
+++ b/ckanext/odsh/templates/user/edit_user_form.html
@@ -1,6 +1,7 @@
 {% import 'macros/form.html' as form %}
 <form id="user-edit-form" class="dataset-form form-horizontal" method="post" action="{{ action }}">
+ {{ h.csrf_input() }}
 {{ form.errors(error_summary) }}
 <fieldset>
-- GitLab
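Review bot: In the `resource_form.html` hunk the `{% block stages %}` line is removed and re-added with the same text, which looks like an indentation-only change riding along with the security fix; the original whitespace is not recoverable from this view, so that is inferred. Leaving that line untouched would make the hunk a pure one-line addition of `{{ h.csrf_input() }}`, matching the other three templates and keeping the change easy to audit and backport. The `{% block stages %}` body and the enclosing `<form>` both continue past the end of the hunk.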