diff options
author | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2014-11-18 05:47:53 +0100 |
---|---|---|
committer | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2014-11-19 02:15:56 +0100 |
commit | b51620eb9502997a2f55a485e55e0e73f6450449 (patch) | |
tree | 437a39393185ae9641112323621a23c32c6388bc | |
parent | bdb756fdc7e8391a786cf9e896ac78400b2d925e (diff) | |
download | padlite-teams-b51620eb9502997a2f55a485e55e0e73f6450449.tar.gz padlite-teams-b51620eb9502997a2f55a485e55e0e73f6450449.tar.bz2 padlite-teams-b51620eb9502997a2f55a485e55e0e73f6450449.zip |
forms: use Form from flask.ext.wtf as base for all forms
Form from flask.ext.wtf has automatic csfr handling included. We need to hide this
form fields but we get extra security for nothing more.
-rw-r--r-- | forms.py | 5 | ||||
-rw-r--r-- | templates/_formhelpers.html | 2 |
2 files changed, 4 insertions, 3 deletions
@@ -1,10 +1,11 @@ -from wtforms import From, HiddenField, validators +from wtforms import HiddenField, validators from utils import Unique from models import Group from wtfpeewee.orm import model_form +from flask.ext.wtf import Form -CreateGroup = model_form(Group, exclude=['api_id'], field_args={ +CreateGroup = model_form(Group, base_class=Form, exclude=['api_id'], field_args={ 'name': {'validators': [ validators.Required(), validators.Regexp('^[a-zA-Z1-9_-]+$', message=u'Invalid group name ' diff --git a/templates/_formhelpers.html b/templates/_formhelpers.html index e50f482..f0fe7fe 100644 --- a/templates/_formhelpers.html +++ b/templates/_formhelpers.html @@ -1,5 +1,5 @@ {% macro render_field(field) %} - {% if field.type == 'HiddenField' %} + {% if field.type in ['HiddenField', 'CSRFTokenField'] %} {{ field()|safe }} {% else %} <div class="form-group {% if field.errors %}has-error{% endif %}"> |