authorPami Ketolainen <pami.ketolainen@jollamobile.com>2014-03-13 10:06:06 +0200
committerPami Ketolainen <pami.ketolainen@jollamobile.com>2014-03-18 13:36:47 +0200
commit52fdb05db240ffac8ecc05e5684f517edc4071c1 (patch)
treebd2b0893524be84c475ac25b6c777adfed738d6e
parent0821a96efea80729aaa871fe4e0d3710fbea0a95 (diff)
downloadaskbot-52fdb05db240ffac8ecc05e5684f517edc4071c1.tar.gz
askbot-52fdb05db240ffac8ecc05e5684f517edc4071c1.tar.bz2
askbot-52fdb05db240ffac8ecc05e5684f517edc4071c1.zip
Add CSRF protection to comment_to_answer view
-rw-r--r--askbot/templates/macros.html5
-rw-r--r--askbot/templates/question/answer_comments.html3
-rw-r--r--askbot/templates/question/question_comments.html3
-rw-r--r--askbot/views/writers.py1
4 files changed, 8 insertions, 4 deletions
diff --git a/askbot/templates/macros.html b/askbot/templates/macros.html
index a17c808e..d6c3f7e8 100644
--- a/askbot/templates/macros.html
+++ b/askbot/templates/macros.html
@@ -388,7 +388,8 @@ for the purposes of the AJAX comment editor #}
show_comment = None,
show_comment_position = None,
user=None,
- max_comments=None
+ max_comments=None,
+ csrf_token=None
)
-%}
{% spaceless %}
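Review bot: The new `csrf_token=None` keyword lets a caller omit the token, yet the convert-to-answer form this macro renders further down now depends on it, so an omission surfaces only as a rejected POST rather than at render time. Since the macro's header comment sits just above this hunk, I would state the requirement there, e.g. `{# csrf_token: callers must pass the request's csrf_token value — a Jinja2 macro does not see the caller's context (presumably why it is threaded explicitly), and the convert-to-answer form cannot be submitted without it #}`. The macro signature starts before this hunk and its body runs well past it.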
@@ -451,7 +452,7 @@ for the purposes of the AJAX comment editor #}
accept-charset="utf-8"
class='convert-comment'
>
- {% csrf_token %}
+ <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
<input type="hidden" value="{{comment.id}}" name="comment_id" id="id_comment_id">
<input type="submit" value="{% trans %}convert to answer{% endtrans %}">
</form>
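Review bot: The hidden field on the added line emits whatever `csrf_token` the caller passed, and with the macro's `None` default (added in the earlier hunk) Jinja2 will, absent a `finalize` hook, render `value="None"`, which Django's CSRF check rejects — a caller that forgets the argument gets a form that always fails rather than a visible error. If the project's Jinja environment uses `StrictUndefined`, dropping the `=None` default would turn the omission into a render-time error; otherwise at least write `value="{{ csrf_token or '' }}"` so a missing token yields an empty field instead of the misleading literal `None` in page source. The token itself is alphanumeric, so the unescaped interpolation is not an injection concern. The `<form>` element opens before this hunk.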
diff --git a/askbot/templates/question/answer_comments.html b/askbot/templates/question/answer_comments.html
index e6b5e1c5..c0a0dfd8 100644
--- a/askbot/templates/question/answer_comments.html
+++ b/askbot/templates/question/answer_comments.html
@@ -5,6 +5,7 @@
show_comment = show_comment,
show_comment_position = show_comment_position,
user = request.user,
- max_comments = settings.MAX_COMMENTS_TO_SHOW
+ max_comments = settings.MAX_COMMENTS_TO_SHOW,
+ csrf_token = csrf_token
)
}}
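Review bot: The added `csrf_token = csrf_token` argument reads the token from this template's own context, so the protection only holds if every code path that renders `answer_comments.html` supplies it — in Django that means a RequestContext with the csrf context processor, or an explicit `csrf(request)` entry when a view builds its context dict by hand, as the AJAX comment editor mentioned in macros.html plausibly does. I cannot see the rendering views from here; each one is worth checking, since an undefined `csrf_token` would silently render an empty hidden field and every convert-to-answer submission would then be rejected. The macro call begins before this hunk.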
diff --git a/askbot/templates/question/question_comments.html b/askbot/templates/question/question_comments.html
index e9d3f724..a05f6328 100644
--- a/askbot/templates/question/question_comments.html
+++ b/askbot/templates/question/question_comments.html
@@ -5,6 +5,7 @@
show_comment = show_comment,
show_comment_position = show_comment_position,
user = request.user,
- max_comments = settings.MAX_COMMENTS_TO_SHOW
+ max_comments = settings.MAX_COMMENTS_TO_SHOW,
+ csrf_token = csrf_token
)
}}
diff --git a/askbot/views/writers.py b/askbot/views/writers.py
index 9234c37f..28060b41 100644
--- a/askbot/views/writers.py
+++ b/askbot/views/writers.py
@@ -850,6 +850,7 @@ def delete_comment(request):
)
@decorators.post_only
+@csrf.csrf_protect
def comment_to_answer(request):
try: