From 28d108332c4a970d1b4d204c21ea80d0b5502d91 Mon Sep 17 00:00:00 2001
From: Thorge Petersen <petersen@rz.uni-kiel.de>
Date: Wed, 26 Jul 2023 13:14:16 +0200
Subject: [PATCH] Added csrf inputs in template forms.

---
 CHANGELOG.md                                                  | 4 ++++
 .../templates/organization/snippets/organization_form.html    | 1 +
 ckanext/odsh/templates/package/snippets/package_form.html     | 1 +
 ckanext/odsh/templates/package/snippets/resource_form.html    | 3 ++-
 ckanext/odsh/templates/user/edit_user_form.html               | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 745e6591..8be04fba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Added csrf inputs in template forms.
+
 ### Changed
 
 - Updated minimum CKAN version requirement from `2.9` to `2.10`. Please run `ckan db upgrade` after updating.
diff --git a/ckanext/odsh/templates/organization/snippets/organization_form.html b/ckanext/odsh/templates/organization/snippets/organization_form.html
index a14c1221..96f35243 100644
--- a/ckanext/odsh/templates/organization/snippets/organization_form.html
+++ b/ckanext/odsh/templates/organization/snippets/organization_form.html
@@ -1,6 +1,7 @@
 {% import 'macros/form.html' as form %}
 
 <form id='organization-edit-form' class="dataset-form form-horizontal" method="post" data-module="basic-form" enctype="multipart/form-data">
+  {{ h.csrf_input() }}
   {% block error_summary %}
     {{ form.errors(error_summary) }}
   {% endblock %}
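Review bot: Rendering `{{ h.csrf_input() }}` here only protects the form if the view receiving the POST validates the token, and nothing in this patch shows that it does. If any of these forms posts to a blueprint registered by the extension itself rather than to a core CKAN view, check `ckan.csrf_protection.ignore_extensions`, which exempts plugin blueprints from the CSRF check when left at its default. The same applies to the package, resource and user forms in the later hunks. Only four forms are touched, so it is also worth confirming that no other `method="post"` form under `ckanext/odsh/templates` was missed. The form body continues past the end of this hunk.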
diff --git a/ckanext/odsh/templates/package/snippets/package_form.html b/ckanext/odsh/templates/package/snippets/package_form.html
index 36005089..c3c08cb4 100644
--- a/ckanext/odsh/templates/package/snippets/package_form.html
+++ b/ckanext/odsh/templates/package/snippets/package_form.html
@@ -4,6 +4,7 @@
 
 <form id="dataset-edit" class="dataset-form {% if(form_style=='edit') %} dataset-edit-form {%endif%} " method="post"
   action="{{ action }}" data-module="basic-form" novalidate>
+  {{ h.csrf_input() }}
   {% block stages %}
   {{ h.snippet('package/snippets/stages.html', stages=stage) }}
   {% endblock %}
diff --git a/ckanext/odsh/templates/package/snippets/resource_form.html b/ckanext/odsh/templates/package/snippets/resource_form.html
index fb3f99da..5adc1346 100644
--- a/ckanext/odsh/templates/package/snippets/resource_form.html
+++ b/ckanext/odsh/templates/package/snippets/resource_form.html
@@ -6,7 +6,8 @@
 {% set action = form_action or h.url_for('resource.new', id=pkg_name) %}
 
 <form id="resource-edit" class="dataset-form dataset-resource-form {%if(data)%}resource-edit-form{%endif%}" method="post" action="{{ action }}" data-module="basic-form resource-form" enctype="multipart/form-data" novalidate>
-	{% block stages %}
+	{{ h.csrf_input() }}
+  {% block stages %}
 		<div class='search-form'>
 			<h2>{{ _('odsh Create Dataset') }}</h2>
 		</div>
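Review bot: The added `{{ h.csrf_input() }}` line is indented with a tab, but the same hunk re-indents `{% block stages %}` from a tab to two spaces, so the block tag no longer matches the tab-indented markup inside it. That whitespace change is unrelated to the CSRF fix and makes the diff noisier. Leaving `{% block stages %}` as it was and adding only the token line would keep this a one-line change. The form continues past the end of the hunk.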
diff --git a/ckanext/odsh/templates/user/edit_user_form.html b/ckanext/odsh/templates/user/edit_user_form.html
index 3ed5777b..f288f1d9 100644
--- a/ckanext/odsh/templates/user/edit_user_form.html
+++ b/ckanext/odsh/templates/user/edit_user_form.html
@@ -1,6 +1,7 @@
 {% import 'macros/form.html' as form %}
 
 <form id="user-edit-form" class="dataset-form form-horizontal" method="post" action="{{ action }}">
+  {{ h.csrf_input() }}
   {{ form.errors(error_summary) }}
 
   <fieldset>
-- 
GitLab