Use csrf token in each form.
Due to the removal of the CsrfMiddleware in Django 1.4, it is required to use {% csrf_token %} in all forms.
This commit is contained in:
parent
172f31e990
commit
c2132accd6
|
@ -1,6 +1,7 @@
|
|||
{% load i18n %}
|
||||
<div>
|
||||
<form method="post" action="">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
|
||||
</form>
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
<p>
|
||||
<h5>{% trans "Add a federation?" %}</h5>
|
||||
<form method="post" action="">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
|
||||
</form>
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
{% endifequal %}
|
||||
{% ifequal trust_root_valid "DISCOVERY_FAILED" %}
|
||||
<p>The site <tt>{{ trust_root|escape }}</tt> has requested verification
|
||||
of your OpenID. However, <tt>{{ trust_root|escape }}</tt> does not
|
||||
of your OpenID. However, <tt>{{ trust_root|escape }}</tt> does not
|
||||
implement OpenID 2.0's relying party verification mechanism. Please use
|
||||
extra caution in deciding whether to release information to this party,
|
||||
and ask <tt>{{ trust_root|escape }}</tt> to implement relying party
|
||||
|
@ -32,7 +32,8 @@
|
|||
|
||||
<!-- trust_root_valid is {{ trust_root_valid }} -->
|
||||
|
||||
<form method="post" action="{% url openid-provider-decide %}">{% csrf_token %}
|
||||
<form method="post" action="{% url openid-provider-decide %}">
|
||||
{% csrf_token %}
|
||||
{% if required %}
|
||||
<p>
|
||||
It requires the following attributes:
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
<p>* {% trans "Log in to link your certificate with an existing account" %}</p>
|
||||
<div id="login-actions">
|
||||
<form id="login-form" method="post" action="post_account_linking">
|
||||
{% csrf_token %}
|
||||
<ul class="errorlist">
|
||||
{% for error in form.non_field_errors %}
|
||||
<li>{{ error|escape }}</li>
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{% load i18n %}
|
||||
<div>
|
||||
<form method="post" action="">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
|
||||
{% if cancel %}
|
||||
|
|
|
@ -11,6 +11,7 @@ One Time password authentication method.
|
|||
|
||||
<div>
|
||||
<form method="post" action="">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
|
||||
{% if cancel %}
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
{% endif %}
|
||||
|
||||
<form id="openid_form" method="post" action="">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="action" value="verify" />
|
||||
<div id="openid_choice">
|
||||
<p>{% trans "Please select your account provider:" %}</p>
|
||||
|
@ -30,4 +31,3 @@ $(document).ready(function() {
|
|||
});
|
||||
</script>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
{% trans "Use a self-generated X509 certificate to log in." %}
|
||||
</p>
|
||||
<form method="post" action="">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
|
||||
{% if cancel %}
|
||||
|
|
|
@ -24,6 +24,7 @@
|
|||
<div class="login">
|
||||
<h2>{% trans "Dissociate OpenID URL" %}</h2>
|
||||
<form name = "fopenid" action = "." method= "post" />
|
||||
{% csrf_token %}
|
||||
<ul class = "NoBullet">
|
||||
{% for a_openid in associated_openids %}
|
||||
<li><input type = "checkbox" name = "a_openids" value = {{ a_openid }} /> {{ a_openid }} </li>
|
||||
|
@ -36,6 +37,7 @@
|
|||
|
||||
<h2>{% trans "Add a new OpenID account" %}</h2>
|
||||
<form name="openid_form" id="openid_form" action="." method="post">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="action" value="verify" />
|
||||
<input type="hidden" name="next" value="{{ next }}" />
|
||||
<div id="openid_choice">
|
||||
|
@ -46,7 +48,7 @@
|
|||
<label for="id_openid_url">{% trans "OpenId URL :" %}</label> {{ form.openid_url }}
|
||||
<input name="openid_submit" type="submit" value="{% trans "Add OpenID" %}">
|
||||
</div>
|
||||
</form>
|
||||
</form>
|
||||
{% endblock %}
|
||||
|
||||
{% block extra_scripts %}
|
||||
|
|
|
@ -25,23 +25,23 @@
|
|||
{% endblocktrans %}
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
{% if form1.errors %}
|
||||
<p class="errors">{% trans "Please correct errors below:" %}
|
||||
{% if form1.username.errors %}
|
||||
{% if form1.username.errors %}
|
||||
<ul class="errorlist">{{ form1.username.errors|join:", " }}</ul>
|
||||
{% endif %}
|
||||
{% if form1.email.errors %}
|
||||
{% if form1.email.errors %}
|
||||
<ul class="errorlist">{{ form1.email.errors|join:", " }}</ul>
|
||||
{% endif %}
|
||||
</p>
|
||||
{% endif %}
|
||||
{% if form2.errors %}
|
||||
<p class="errors">{% trans "Please correct errors below:" %}
|
||||
{% if form2.username.errors %}
|
||||
{% if form2.username.errors %}
|
||||
<ul class="errorlist">{{ form2.username.errors|join:", " }}</ul>
|
||||
{% endif %}
|
||||
{% if form2.password.errors %}
|
||||
{% if form2.password.errors %}
|
||||
<ul class="errorlist">{{ form2.password.errors|join:", " }}</ul>
|
||||
{% endif %}
|
||||
</p>
|
||||
|
@ -49,6 +49,7 @@
|
|||
|
||||
<div class="login">
|
||||
<form name="fregister" action="{% url user_register %}" method="POST">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="next" value="{{ next }}" />
|
||||
<fieldset>
|
||||
<legend>{% trans "A new account" %}</legend>
|
||||
|
@ -60,10 +61,11 @@
|
|||
</form>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
<div class="login">
|
||||
<form name="fverify" action="{% url user_register %}" method="POST">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="next" value="{{ next }}" />
|
||||
<fieldset>
|
||||
<legend>{% trans "An existing account" %}</legend>
|
||||
|
@ -74,6 +76,3 @@
|
|||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -25,13 +25,13 @@
|
|||
|
||||
<h2>{% trans "Dissociate OpenID URL" %}</h2>
|
||||
<form name="fopenid" action="{% url user-dissociate %}" method="post">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="next" value="{{ next }}" />
|
||||
{{ form.openid_url }}
|
||||
<p>Confirm to dissociate {% for a_oi in a_openids %} {{ a_oi }} <input type="hidden" name="a_openids_remove" value="{{ a_oi }}" /> {% endfor %} from your account</p>
|
||||
<div class="submit-row "><input name="bdissociate" type="submit" value="{% trans "Dissociate OpenID" %}">
|
||||
<input name="bdissociate_cancel" type="submit" value="{% trans "Cancel" %}"></div>
|
||||
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
<p>{% trans "Please enter your new password twice so we can verify you typed it in correctly." %}</p>
|
||||
|
||||
<form action="." method="post">
|
||||
{% csrf_token %}
|
||||
{{ form.new_password1.errors }}
|
||||
<p class="aligned wide"><label for="id_new_password1">{% trans 'New password:' %}</label>{{ form.new_password1 }}</p>
|
||||
{{ form.new_password2.errors }}
|
||||
|
@ -39,7 +40,7 @@
|
|||
<p>{% trans "Please enter your old password, for security's sake, and then enter your new password twice so we can verify you typed it in correctly." %}</p>
|
||||
|
||||
<form action="." method="post">
|
||||
|
||||
{% csrf_token %}
|
||||
{{ form.old_password.errors }}
|
||||
<p class="aligned wide"><label for="id_old_password">{% trans 'Old password:' %}</label>{{ form.old_password }}</p>
|
||||
{{ form.new_password1.errors }}
|
||||
|
@ -53,4 +54,4 @@
|
|||
|
||||
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
{% endblock %}
|
||||
|
|
|
@ -14,10 +14,10 @@
|
|||
{% endif %}
|
||||
{% if form2.errors %}
|
||||
<div class="errors"><p>{% trans "Please correct errors below:" %}
|
||||
{% if form2.username.errors %}
|
||||
{% if form2.username.errors %}
|
||||
<span class="error">{{ form2.username.errors|join:", " }}</span>
|
||||
{% endif %}
|
||||
{% if form2.password.errors %}
|
||||
{% if form2.password.errors %}
|
||||
<span class="error">{{ form2.password.errors|join:", " }}</span>
|
||||
{% endif %}
|
||||
</p></div>
|
||||
|
@ -32,6 +32,7 @@
|
|||
<div class="login">
|
||||
|
||||
<form id="openid_form" name="openid_form" action="{% url user_signin %}" method="post">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="action" value="verify" />
|
||||
<input type="hidden" name="next" value="{{ next }}" />
|
||||
<div id="openid_choice">
|
||||
|
@ -43,8 +44,8 @@
|
|||
<label for="id_openid_url">{% trans "OpenId URL :" %}</label>{{ form1.openid_url }}
|
||||
<input name="openid_submit" type="submit" value="{% trans "Sign in with OpenID" %}">
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block extra_scripts %}
|
||||
|
@ -56,6 +57,5 @@ $(document).ready(function() {
|
|||
});
|
||||
</script>
|
||||
<!-- /Simple OpenID Selector -->
|
||||
|
||||
{% endblock %}
|
||||
|
||||
{% endblock %}
|
||||
|
|
|
@ -20,10 +20,10 @@
|
|||
{% endif %}
|
||||
{% if form2.errors %}
|
||||
<div class="errors"><p>{% trans "Please correct errors below:" %}
|
||||
{% if form2.username.errors %}
|
||||
{% if form2.username.errors %}
|
||||
<span class="error">{{ form2.username.errors|join:", " }}</span>
|
||||
{% endif %}
|
||||
{% if form2.password.errors %}
|
||||
{% if form2.password.errors %}
|
||||
<span class="error">{{ form2.password.errors|join:", " }}</span>
|
||||
{% endif %}
|
||||
</p></div>
|
||||
|
@ -38,6 +38,7 @@
|
|||
<div class="login">
|
||||
|
||||
<form id="openid_form" name="openid_form" action="{% url user_signin %}" method="post">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="action" value="verify" />
|
||||
<input type="hidden" name="next" value="{{ next }}" />
|
||||
<div id="openid_choice">
|
||||
|
@ -49,8 +50,8 @@
|
|||
<label for="id_openid_url">{% trans "OpenId URL :" %}</label>{{ form1.openid_url }}
|
||||
<input name="openid_submit" type="submit" value="{% trans "Sign in with OpenID" %}">
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
||||
|
||||
{% block extra_scripts %}
|
||||
|
@ -62,6 +63,5 @@ $(document).ready(function() {
|
|||
});
|
||||
</script>
|
||||
<!-- /Simple OpenID Selector -->
|
||||
|
||||
{% endblock %}
|
||||
|
||||
{% endblock %}
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
You can change your default OpenID by clicking on "Make Default"
|
||||
</p>
|
||||
<form action="." id="form1" method="post">
|
||||
{% csrf_token %}
|
||||
{% for key,value in openids.items %}
|
||||
<p> <h4> {{ uri }}{{ oipath }}/{{ value.caption }}/
|
||||
{% if value.Default %}
|
||||
|
@ -51,6 +52,7 @@ You can change your default OpenID by clicking on "Make Default"
|
|||
<legend>{% trans "Add a new OpenID identity" %} </legend>
|
||||
<p>
|
||||
<form action = "/openid/addopenid/" id = "form2" method = "post">
|
||||
{% csrf_token %}
|
||||
<p> Leave blank to create an anonymous OpenID</p>
|
||||
{{ uri }}{{ oipath }}/{{ form.openid }}/
|
||||
{{ form.Default }}
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
{% block content %}
|
||||
<form action = "/openid/manageid_confirm/" id = "form" method = "post">
|
||||
{% csrf_token %}
|
||||
<p>Are you sure, you want to delete <strong> {{ id }} </strong> and these trusted site:</p>
|
||||
{% for i in trust %}
|
||||
{{ i }}
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
<legend>{% trans "Your trusted site" %} </legend>
|
||||
<p>Check the trusted site that you want to remove and click on remove to remove these trusted site from these </p>
|
||||
<form action="." id="form" method="post">
|
||||
{% csrf_token %}
|
||||
{% for key, value in openids.items %}
|
||||
<p> <h4> {{ uri }}{{ oipath }}/{{ value.caption }}/ </h4>
|
||||
<ul class="NoBullet">
|
||||
|
@ -34,4 +35,3 @@
|
|||
</form>
|
||||
</fieldset>
|
||||
{% endblock %}
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
{% block content %}
|
||||
<form method="post">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<input type="submit" value="{% trans "Create" %}"/>
|
||||
</form>
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
{% endif %}
|
||||
|
||||
<form id="login-form" method="post" action=".">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
|
||||
<input type="submit" value="{% trans 'Log in' %}" class="submit" />
|
||||
|
@ -39,6 +40,7 @@
|
|||
</div>
|
||||
<div>
|
||||
<form>
|
||||
{% csrf_token %}
|
||||
<select name="list_providers" size="1" onChange="redirect_from_list(this.form)">
|
||||
<option selected="selected">{% trans "Tell me where!" %}</option>
|
||||
{% for p in providers_list %}
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
{% block content %}
|
||||
<form method="post" action=".">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
|
||||
<input type="submit" value="{% trans 'Submit' %}" />
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
{% if validlink %}
|
||||
|
||||
<form method="post" action=".">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
|
||||
<input type="submit" value="{% trans 'Submit' %}" />
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
<h2>{% trans "Resetting password" %}</h2>
|
||||
|
||||
<form method="post" action=".">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
|
||||
<input type="submit" value="{% trans 'Submit' %}" />
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
<h2>{% trans "Registration" %}</h2>
|
||||
|
||||
<form method="post" action=".">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
|
||||
<input type="submit" value="{% trans 'Submit' %}" />
|
||||
|
|
Loading…
Reference in New Issue