Added cross-scripting field to auth form.

2026-04-12 18:05:06 +00:00 · 2017-07-23 20:20:06 +01:00 · 2017-07-23 20:20:06 +01:00 · 32f2695b76
commit 32f2695b76
parent a6f748b49f
1 changed files with 23 additions and 22 deletions
--- a/resources/templates/auth.html
+++ b/resources/templates/auth.html
@ -1,27 +1,28 @@
 {% extends "templates/base.html" %}
 {% block content %}
        <div id="content" class="auth">
-            <form action="{{servlet-context}}/auth" method="POST">
+          <form action="{{servlet-context}}/auth" method="POST">
-                <input type="hidden" name="redirect-to" value="{{redirect-to}}"/>
+            {% csrf-field %}
-                {% if user %}
+            <input type="hidden" name="redirect-to" value="{{redirect-to}}"/>
-                <p class="widget">
+            {% if user %}
-                    <label for="submit">{{config.save-prompt}}</label>
+            <p class="widget">
-                    <input name="action" id="action" type="submit" class="action-dangerous" value="{{config.logout-label}}"/>
+              <label for="submit">{{config.save-prompt}}</label>
-                </p>
+              <input name="action" id="action" type="submit" class="action-dangerous" value="{{config.logout-label}}"/>
-                {% else %}
+            </p>
-                <p class="widget">
+            {% else %}
-                    <label for="username">{{config.your-uname-prompt}}</label>
+            <p class="widget">
-                    <input name="username" id="username" type="text" required/>
+              <label for="username">{{config.your-uname-prompt}}</label>
-                </p>
+              <input name="username" id="username" type="text" required/>
-                <p class="widget">
+            </p>
-                    <label for="password">{{config.old-pass-prompt}}</label>
+            <p class="widget">
-                    <input name="password" id="password" type="password" required/>
+              <label for="password">{{config.old-pass-prompt}}</label>
-                </p>
+              <input name="password" id="password" type="password" required/>
-                <p class="widget">
+            </p>
-                    <label for="submit">{{config.login-prompt}}</label>
+            <p class="widget">
-                    <input name="action" id="action" type="submit" class="action" value="{{config.login-label}}"/>
+              <label for="submit">{{config.login-prompt}}</label>
-                </p>
+              <input name="action" id="action" type="submit" class="action" value="{{config.login-label}}"/>
-                {% endif %}
+            </p>
-            </form>
+            {% endif %}
          </form>
        </div>
 {% endblock %}