authorPami Ketolainen <pami.ketolainen@jollamobile.com>2014-03-26 10:36:15 +0200
committerPami Ketolainen <pami.ketolainen@jollamobile.com>2014-03-26 10:46:39 +0200
commit09e39545c5c5cd0319cfdc603e951a5ae42f063f (patch)
treedc7d72c3be80377470dd02492fa263bf8e551f67
parentca05358f9f7a423bbd5c57ef272ea22d2170c348 (diff)
Add CSRF token in comments loaded via Javascript
-rw-r--r--askbot/media/js/utils.js19
1 files changed, 19 insertions, 0 deletions
diff --git a/askbot/media/js/utils.js b/askbot/media/js/utils.js
index 64932ccd..ef4309bd 100644
--- a/askbot/media/js/utils.js
+++ b/askbot/media/js/utils.js
@@ -277,6 +277,19 @@ var notify = function() {
};
}();
+/*
+ * CSRF token extractor
+ */
+var getCSRFToken = function() {
+ var re = /_csrf=([^;]*)/;
+ var match = re.exec(document.cookie);
+ if(match)
+ return match[1];
+ else
+ return ''
+}
+
+
/* **************************************************** */
// Search query-string manipulation utils
/* **************************************************** */
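Review bot: The pattern in getCSRFToken, `/_csrf=([^;]*)/`, is not anchored to the start of a cookie name, so it also matches any cookie whose name merely ends in `_csrf` and returns whichever one comes first in `document.cookie`. Anchoring it, `var re = /(?:^|;\s*)_csrf=([^;]*)/;`, restricts the match to the cookie actually named `_csrf`. The cookie name is hard-coded here; if the server-side name is configurable, it would presumably be safer to pass it in from the template than to duplicate it in utils.js. When the cookie is absent or not readable from script (for example if it is marked HttpOnly) the function returns `''`, and the createDom hunk then submits an empty `csrfmiddlewaretoken` with no client-side indication, so the header comment should at least state that fallback: `/* Returns the value of the _csrf cookie, or '' when it is not visible to script. */`.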
@@ -1374,6 +1387,12 @@ CommentConvertLink.prototype.createDom = function(){
hidden_input.attr('id', 'id_comment_id');
element.append(hidden_input);
+ var csrf_token = this.makeElement('input');
+ csrf_token.attr('type', 'hidden');
+ csrf_token.attr('name', 'csrfmiddlewaretoken');
+ csrf_token.attr('value', getCSRFToken());
+ element.append(csrf_token);
+
var submit = this.makeElement('input');
submit.attr('type', 'submit');
submit.attr('value', gettext('convert to answer'));