Add global CSRF protection

Lance Edgar 2016-12-14 18:37:17 -06:00
parent ab09314ed3
commit 4ed522ae47
15 changed files with 28 additions and 22 deletions


@ -5,6 +5,7 @@
<div class="timesheet-wrapper">
${form.begin(id='filter-form')}
${form.csrf_token()}
<table class="timesheet-header">
<tbody>
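Review bot: The method that `form.begin(id='filter-form')` submits with is not visible in this hunk, and for a form that filters a view it matters. If the form is sent with GET, the value from `form.csrf_token()` lands in the query string, where it is retained in server logs, browser history and Referer headers. CSRF checks normally apply only to state-changing methods, so a GET form would not need the token at all. I would confirm the method and record it beside the token, e.g. `## filter-form is submitted with POST, so the CSRF token stays in the request body`, or drop the token if the form turns out to use GET. The rest of the template lies outside the hunk.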


@ -283,6 +283,7 @@
<%def name="edit_form()">
${h.form(url('schedule.edit'), id='schedule-form')}
${h.csrf_token(request)}
</%def>
<%def name="edit_tools()">
@ -299,6 +300,7 @@ ${timesheet_wrapper(edit_form=edit_form, edit_tools=edit_tools, context_menu=con
${edit_tools()}
${h.form(url('schedule.edit'), id="clear-schedule-form")}
${h.csrf_token(request)}
${h.hidden('clear-schedule', value='clear')}
${h.end_form()}
@ -318,6 +320,7 @@ ${h.end_form()}
and then new shifts will be created based on the week you specify.
</p>
${h.form(url('schedule.edit'), id='copy-schedule-form')}
${h.csrf_token(request)}
<label for="copy-week">Copy from week:</label>
${h.text('copy-week')}
${h.end_form()}
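Review bot: The pair `h.form(url('schedule.edit'), ...)` plus `h.csrf_token(request)` is now written out by hand for `schedule-form`, `clear-schedule-form` and `copy-schedule-form`, so a form added to this template later can easily ship without the token. If the global check this commit enables rejects POSTs that lack a token, the omission fails closed, but it would surface only at runtime as a rejected request. A small def such as `<%def name="csrf_form(action, form_id)">${h.form(action, id=form_id)}${h.csrf_token(request)}</%def>` would keep the two calls together. It is also worth confirming that `h.csrf_token(request)` here and `form.csrf_token()` in the timesheet template emit the same field name that the server-side check reads. The template continues outside these hunks.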