On Thu, 12 Mar 2009, Toshio Kuratomi wrote: > Found a template in fas that is not adding the csrf token properly. > > The Add User button on: > https://admin.fedoraproject.org/accounts/group/view/ > > This is just an annoyance (one particular link leading people to the > CSRF login page instead of directly to the action they requested) but > the fix is easy and non-intrusive. > > Patch is: > > @@ -77,7 +77,8 @@ > <py:if test="can_sponsor"> > <dt>${_('Add User:')}</dt> > <dd> > - <form action="${tg.url('/group/application_screen/%s' % > group.name)}"> > + <form action="${tg.url('/group/application_screen/%s' % > group.name)}" > + method="post"> > <input type='text' size='15' name='targetname'/> > <input type="submit" value="${('Add')}" /> > +1 -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
