author | Pami Ketolainen <pami.ketolainen@jollamobile.com> | 2014-03-26 10:36:15 +0200 |
---|---|---|
committer | Pami Ketolainen <pami.ketolainen@jollamobile.com> | 2014-03-26 10:46:39 +0200 |
commit | 09e39545c5c5cd0319cfdc603e951a5ae42f063f (patch) | |
tree | dc7d72c3be80377470dd02492fa263bf8e551f67 | |
parent | ca05358f9f7a423bbd5c57ef272ea22d2170c348 (diff) | |
Add CSRF token in comments loaded via Javascript
-rw-r--r-- | askbot/media/js/utils.js | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/askbot/media/js/utils.js b/askbot/media/js/utils.js
index 64932ccd..ef4309bd 100644
--- a/askbot/media/js/utils.js
+++ b/askbot/media/js/utils.js
@@ -277,6 +277,19 @@ var notify = function() {
 };
 }();
 
+/*
+ * CSRF token extractor
+ */
+var getCSRFToken = function() {
+ var re = /_csrf=([^;]*)/;
+ var match = re.exec(document.cookie);
+ if(match)
+ return match[1];
+ else
+ return ''
+}
+
+
 /* **************************************************** */
 // Search query-string manipulation utils
 /* **************************************************** */
@@ -1374,6 +1387,12 @@ CommentConvertLink.prototype.createDom = function(){
 hidden_input.attr('id', 'id_comment_id');
 element.append(hidden_input);
 
+ var csrf_token = this.makeElement('input');
+ csrf_token.attr('type', 'hidden');
+ csrf_token.attr('name', 'csrfmiddlewaretoken');
+ csrf_token.attr('value', getCSRFToken());
+ element.append(csrf_token);
+
 var submit = this.makeElement('input');
 submit.attr('type', 'submit');
 submit.attr('value', gettext('convert to answer'));
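Review bot: The cookie lookup in getCSRFToken is unanchored: `/_csrf=([^;]*)/` matches the first cookie whose name merely ends in `_csrf`, and when nothing matches the function silently returns `''`, so a form built from it is submitted with an empty token and rejected server-side with no client-side hint. Anchoring the name to a cookie boundary, `var re = /(?:^|;\s*)_csrf=([^;]*)/;`, avoids picking up an unrelated cookie with a longer name; whether `_csrf` is the configured cookie name on every deployment is not visible here and should be confirmed against the Django CSRF_COOKIE_NAME setting. The missing semicolons after `return ''` and after the closing `}` of the function expression should also be added to match the rest of the file.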
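Review bot: In createDom the token is read once, when the hidden input is built via `csrf_token.attr('value', getCSRFToken())`, so the value submitted is whatever the cookie held at that moment; if the cookie is later replaced (for instance by a login/logout round-trip that rotates it), the already-rendered form carries a stale value. Reading the token in the form's submit handler instead, or at least checking for an empty string before appending the input, would make that failure visible rather than ending in a server-side rejection. CommentConvertLink.prototype.createDom starts and ends outside the hunk, so the submit handling is not visible here.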