Re: Change request -- fas template csrf fix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 12 Mar 2009, Toshio Kuratomi wrote:

> Found a template in fas that is not adding the csrf token properly.
>
> The Add User button on:
>   https://admin.fedoraproject.org/accounts/group/view/
>
> This is just an annoyance (one particular link leading people to the
> CSRF login page instead of directly to the action they requested) but
> the fix is easy and non-intrusive.
>
> Patch is:
>
> @@ -77,7 +77,8 @@
>          <py:if test="can_sponsor">
>          <dt>${_('Add User:')}</dt>
>          <dd>
> -          <form action="${tg.url('/group/application_screen/%s' %
> group.name)}">
> +          <form action="${tg.url('/group/application_screen/%s' %
> group.name)}"
> +            method="post">
>              <input type='text' size='15' name='targetname'/>
>              <input type="submit" value="${('Add')}" />
>

+1

	-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux