##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
pyramid: if possible fetch csrf tokens from pyramid session....
marcink -
r1918:de4c5093 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1906,13 +1906,18 b' def secure_form(url, method="POST", mult'
1906 """
1906 """
1907 from webhelpers.pylonslib.secure_form import insecure_form
1907 from webhelpers.pylonslib.secure_form import insecure_form
1908 form = insecure_form(url, method, multipart, **attrs)
1908 form = insecure_form(url, method, multipart, **attrs)
1909 token = csrf_input()
1909
1910 session = None
1911 # TODO(marcink): after pyramid migration require request variable ALWAYS
1912 if 'request' in attrs:
1913 session = attrs['request'].session
1914
1915 token = literal(
1916 '<input type="hidden" id="{}" name="{}" value="{}">'.format(
1917 csrf_token_key, csrf_token_key, get_csrf_token(session)))
1918
1910 return literal("%s\n%s" % (form, token))
1919 return literal("%s\n%s" % (form, token))
1911
1920
1912 def csrf_input():
1913 return literal(
1914 '<input type="hidden" id="{}" name="{}" value="{}">'.format(
1915 csrf_token_key, csrf_token_key, get_csrf_token()))
1916
1921
1917 def dropdownmenu(name, selected, options, enable_filter=False, **attrs):
1922 def dropdownmenu(name, selected, options, enable_filter=False, **attrs):
1918 select_html = select(name, selected, options, **attrs)
1923 select_html = select(name, selected, options, **attrs)
Show file before | Show file after | Hide comments
@@ -49,6 +49,7 b' from pkg_resources import resource_filen'
49 from formencode import All, Pipe
49 from formencode import All, Pipe
50
50
51 from pylons.i18n.translation import _
51 from pylons.i18n.translation import _
52 from pyramid.threadlocal import get_current_request
52
53
53 from rhodecode import BACKENDS
54 from rhodecode import BACKENDS
54 from rhodecode.lib import helpers
55 from rhodecode.lib import helpers
@@ -66,6 +67,7 b' class RhodecodeFormZPTRendererFactory(de'
66 """ Subclass of ZPTRendererFactory to add rhodecode context variables """
67 """ Subclass of ZPTRendererFactory to add rhodecode context variables """
67 def __call__(self, template_name, **kw):
68 def __call__(self, template_name, **kw):
68 kw['h'] = helpers
69 kw['h'] = helpers
70 kw['request'] = get_current_request()
69 return self.load(template_name)(**kw)
71 return self.load(template_name)(**kw)
70
72
71
73
Show file before | Show file after | Hide comments
@@ -38,7 +38,7 b''
38 </div>
38 </div>
39
39
40 <div class="main-content-full-width">
40 <div class="main-content-full-width">
41 ${h.secure_form(request.resource_path(resource, route_name='auth_home'))}
41 ${h.secure_form(request.resource_path(resource, route_name='auth_home'), request=request)}
42 <div class="form">
42 <div class="form">
43
43
44 <div class="panel panel-default">
44 <div class="panel panel-default">
Show file before | Show file after | Hide comments
@@ -47,7 +47,7 b''
47 <div class="panel-body">
47 <div class="panel-body">
48 <div class="plugin_form">
48 <div class="plugin_form">
49 <div class="fields">
49 <div class="fields">
50 ${h.secure_form(request.resource_path(resource, route_name='auth_home'))}
50 ${h.secure_form(request.resource_path(resource, route_name='auth_home'), request=request)}
51 <div class="form">
51 <div class="form">
52
52
53 %for node in plugin.get_settings_schema():
53 %for node in plugin.get_settings_schema():
Show file before | Show file after | Hide comments
@@ -26,7 +26,7 b''
26 <div class="table">
26 <div class="table">
27
27
28 <div id="files_data">
28 <div id="files_data">
29 ${h.secure_form(h.route_path('gist_update', gist_id=c.gist.gist_access_id), id='eform', method='POST')}
29 ${h.secure_form(h.route_path('gist_update', gist_id=c.gist.gist_access_id), id='eform', method='POST', request=request)}
30 <div>
30 <div>
31 <input type="hidden" value="${c.file_last_commit.raw_id}" name="parent_hash">
31 <input type="hidden" value="${c.file_last_commit.raw_id}" name="parent_hash">
32 <textarea id="description" name="description"
32 <textarea id="description" name="description"
Show file before | Show file after | Hide comments
@@ -25,7 +25,7 b''
25
25
26 <div class="table">
26 <div class="table">
27 <div id="files_data">
27 <div id="files_data">
28 ${h.secure_form(h.route_path('gists_create'), id='eform', method='POST')}
28 ${h.secure_form(h.route_path('gists_create'), id='eform', method='POST', request=request)}
29 <div>
29 <div>
30 <textarea id="description" name="description" placeholder="${_('Gist description ...')}"></textarea>
30 <textarea id="description" name="description" placeholder="${_('Gist description ...')}"></textarea>
31
31
Show file before | Show file after | Hide comments
@@ -45,7 +45,7 b''
45 <div class="stats">
45 <div class="stats">
46 %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id:
46 %if h.HasPermissionAny('hg.admin')() or c.gist.gist_owner == c.rhodecode_user.user_id:
47 <div class="remove_gist">
47 <div class="remove_gist">
48 ${h.secure_form(h.route_path('gist_delete', gist_id=c.gist.gist_access_id), method='POST')}
48 ${h.secure_form(h.route_path('gist_delete', gist_id=c.gist.gist_access_id), method='POST', request=request)}
49 ${h.submit('remove_gist', _('Delete'),class_="btn btn-mini btn-danger",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")}
49 ${h.submit('remove_gist', _('Delete'),class_="btn btn-mini btn-danger",onclick="return confirm('"+_('Confirm to delete this Gist')+"');")}
50 ${h.end_form()}
50 ${h.end_form()}
51 </div>
51 </div>
Show file before | Show file after | Hide comments
@@ -42,7 +42,7 b''
42 %endif
42 %endif
43 </td>
43 </td>
44 <td class="td-action">
44 <td class="td-action">
45 ${h.secure_form(h.route_path('my_account_auth_tokens_delete'), method='post')}
45 ${h.secure_form(h.route_path('my_account_auth_tokens_delete'), method='POST', request=request)}
46 ${h.hidden('del_auth_token', auth_token.user_api_key_id)}
46 ${h.hidden('del_auth_token', auth_token.user_api_key_id)}
47 <button class="btn btn-link btn-danger" type="submit"
47 <button class="btn btn-link btn-danger" type="submit"
48 onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.token_obfuscated}');">
48 onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.token_obfuscated}');">
@@ -59,7 +59,7 b''
59 </div>
59 </div>
60
60
61 <div class="user_auth_tokens">
61 <div class="user_auth_tokens">
62 ${h.secure_form(h.route_path('my_account_auth_tokens_add'), method='post')}
62 ${h.secure_form(h.route_path('my_account_auth_tokens_add'), method='POST', request=request)}
63 <div class="form form-vertical">
63 <div class="form form-vertical">
64 <!-- fields -->
64 <!-- fields -->
65 <div class="fields">
65 <div class="fields">
Show file before | Show file after | Hide comments
@@ -25,7 +25,7 b''
25 <span class="user email">${em.email}</span>
25 <span class="user email">${em.email}</span>
26 </td>
26 </td>
27 <td class="td-action">
27 <td class="td-action">
28 ${h.secure_form(h.route_path('my_account_emails_delete'), method='POST')}
28 ${h.secure_form(h.route_path('my_account_emails_delete'), method='POST', request=request)}
29 ${h.hidden('del_email_id',em.email_id)}
29 ${h.hidden('del_email_id',em.email_id)}
30 <button class="btn btn-link btn-danger" type="submit" id="${'remove_email_%s'.format(em.email_id)}"
30 <button class="btn btn-link btn-danger" type="submit" id="${'remove_email_%s'.format(em.email_id)}"
31 onclick="return confirm('${_('Confirm to delete this email: {}').format(em.email)}');">
31 onclick="return confirm('${_('Confirm to delete this email: {}').format(em.email)}');">
@@ -48,7 +48,7 b''
48 </div>
48 </div>
49
49
50 <div>
50 <div>
51 ${h.secure_form(h.route_path('my_account_emails_add'), method='POST')}
51 ${h.secure_form(h.route_path('my_account_emails_add'), method='POST', request=request)}
52 <div class="form">
52 <div class="form">
53 <!-- fields -->
53 <!-- fields -->
54 <div class="fields">
54 <div class="fields">
Show file before | Show file after | Hide comments
@@ -6,7 +6,7 b''
6 </div>
6 </div>
7
7
8 <div class="panel-body">
8 <div class="panel-body">
9 ${h.secure_form(h.route_path('my_account_update'), class_='form', method='POST')}
9 ${h.secure_form(h.route_path('my_account_update'), class_='form', method='POST', request=request)}
10 <% readonly = None %>
10 <% readonly = None %>
11 <% disabled = "" %>
11 <% disabled = "" %>
12
12
Show file before | Show file after | Hide comments
@@ -20,7 +20,7 b''
20 <td class="td-iprange"><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
20 <td class="td-iprange"><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
21 <td class="td-description"><div class="ip">${ip.description}</div></td>
21 <td class="td-description"><div class="ip">${ip.description}</div></td>
22 <td class="td-action">
22 <td class="td-action">
23 ${h.secure_form(h.route_path('edit_user_ips_delete', user_id=c.user.user_id), method='POST')}
23 ${h.secure_form(h.route_path('edit_user_ips_delete', user_id=c.user.user_id), method='POST', request=request)}
24 ${h.hidden('del_ip_id',ip.ip_id)}
24 ${h.hidden('del_ip_id',ip.ip_id)}
25 ${h.hidden('default_user', 'True')}
25 ${h.hidden('default_user', 'True')}
26 ${h.submit('remove_',_('Delete'),id="remove_ip_%s" % ip.ip_id,
26 ${h.submit('remove_',_('Delete'),id="remove_ip_%s" % ip.ip_id,
@@ -40,7 +40,7 b''
40 </table>
40 </table>
41 </div>
41 </div>
42
42
43 ${h.secure_form(h.route_path('edit_user_ips_add', user_id=c.user.user_id), method='POST')}
43 ${h.secure_form(h.route_path('edit_user_ips_add', user_id=c.user.user_id), method='POST', request=request)}
44 <div class="form">
44 <div class="form">
45 <!-- fields -->
45 <!-- fields -->
46 <div class="fields">
46 <div class="fields">
Show file before | Show file after | Hide comments
@@ -24,7 +24,7 b''
24 <h3 class="panel-title">${_('Fork Reference')} <a class="permalink" href="#advanced-fork"></a></h3>
24 <h3 class="panel-title">${_('Fork Reference')} <a class="permalink" href="#advanced-fork"></a></h3>
25 </div>
25 </div>
26 <div class="panel-body">
26 <div class="panel-body">
27 ${h.secure_form(h.route_path('edit_repo_advanced_fork', repo_name=c.repo_info.repo_name), method='POST')}
27 ${h.secure_form(h.route_path('edit_repo_advanced_fork', repo_name=c.repo_info.repo_name), method='POST', request=request)}
28
28
29 % if c.repo_info.fork:
29 % if c.repo_info.fork:
30 <div class="panel-body-title-text">${h.literal(_('This repository is a fork of %(repo_link)s') % {'repo_link': h.link_to_if(c.has_origin_repo_read_perm,c.repo_info.fork.repo_name, h.route_path('repo_summary', repo_name=c.repo_info.fork.repo_name))})}
30 <div class="panel-body-title-text">${h.literal(_('This repository is a fork of %(repo_link)s') % {'repo_link': h.link_to_if(c.has_origin_repo_read_perm,c.repo_info.fork.repo_name, h.route_path('repo_summary', repo_name=c.repo_info.fork.repo_name))})}
@@ -48,7 +48,7 b''
48 <h3 class="panel-title">${_('Public Journal Visibility')} <a class="permalink" href="#advanced-journal"></a></h3>
48 <h3 class="panel-title">${_('Public Journal Visibility')} <a class="permalink" href="#advanced-journal"></a></h3>
49 </div>
49 </div>
50 <div class="panel-body">
50 <div class="panel-body">
51 ${h.secure_form(h.route_path('edit_repo_advanced_journal', repo_name=c.repo_info.repo_name), method='POST')}
51 ${h.secure_form(h.route_path('edit_repo_advanced_journal', repo_name=c.repo_info.repo_name), method='POST', request=request)}
52 <div class="field">
52 <div class="field">
53 %if c.in_public_journal:
53 %if c.in_public_journal:
54 <button class="btn btn-small" type="submit">
54 <button class="btn btn-small" type="submit">
@@ -73,7 +73,7 b''
73 <h3 class="panel-title">${_('Locking state')} <a class="permalink" href="#advanced-locking"></a></h3>
73 <h3 class="panel-title">${_('Locking state')} <a class="permalink" href="#advanced-locking"></a></h3>
74 </div>
74 </div>
75 <div class="panel-body">
75 <div class="panel-body">
76 ${h.secure_form(h.route_path('edit_repo_advanced_locking', repo_name=c.repo_info.repo_name), method='POST')}
76 ${h.secure_form(h.route_path('edit_repo_advanced_locking', repo_name=c.repo_info.repo_name), method='POST', request=request)}
77
77
78 %if c.repo_info.locked[0]:
78 %if c.repo_info.locked[0]:
79 <div class="panel-body-title-text">${'Locked by %s on %s. Lock reason: %s' % (h.person_by_id(c.repo_info.locked[0]),
79 <div class="panel-body-title-text">${'Locked by %s on %s. Lock reason: %s' % (h.person_by_id(c.repo_info.locked[0]),
@@ -113,7 +113,7 b''
113 <h3 class="panel-title">${_('Delete repository')} <a class="permalink" href="#advanced-delete"></a></h3>
113 <h3 class="panel-title">${_('Delete repository')} <a class="permalink" href="#advanced-delete"></a></h3>
114 </div>
114 </div>
115 <div class="panel-body">
115 <div class="panel-body">
116 ${h.secure_form(h.route_path('edit_repo_advanced_delete', repo_name=c.repo_name), method='POST')}
116 ${h.secure_form(h.route_path('edit_repo_advanced_delete', repo_name=c.repo_name), method='POST', request=request)}
117 <table class="display">
117 <table class="display">
118 <tr>
118 <tr>
119 <td>
119 <td>
Show file before | Show file after | Hide comments
@@ -14,7 +14,7 b''
14 </code>
14 </code>
15 </p>
15 </p>
16
16
17 ${h.secure_form(h.route_path('edit_repo_caches', repo_name=c.repo_name), method='POST')}
17 ${h.secure_form(h.route_path('edit_repo_caches', repo_name=c.repo_name), method='POST', request=request)}
18 <div class="form">
18 <div class="form">
19 <div class="fields">
19 <div class="fields">
20 ${h.submit('reset_cache_%s' % c.repo_info.repo_name,_('Invalidate repository cache'),class_="btn btn-small",onclick="return confirm('"+_('Confirm to invalidate repository cache')+"');")}
20 ${h.submit('reset_cache_%s' % c.repo_info.repo_name,_('Invalidate repository cache'),class_="btn btn-small",onclick="return confirm('"+_('Confirm to invalidate repository cache')+"');")}
Show file before | Show file after | Hide comments
@@ -5,7 +5,7 b''
5 <h3 class="panel-title">${_('Repository Permissions')}</h3>
5 <h3 class="panel-title">${_('Repository Permissions')}</h3>
6 </div>
6 </div>
7 <div class="panel-body">
7 <div class="panel-body">
8 ${h.secure_form(h.route_path('edit_repo_perms', repo_name=c.repo_name), method='POST')}
8 ${h.secure_form(h.route_path('edit_repo_perms', repo_name=c.repo_name), method='POST', request=request)}
9 <table id="permissions_manage" class="rctable permissions">
9 <table id="permissions_manage" class="rctable permissions">
10 <tr>
10 <tr>
11 <th class="td-radio">${_('None')}</th>
11 <th class="td-radio">${_('None')}</th>
Show file before | Show file after | Hide comments
@@ -6,7 +6,7 b''
6 <h3 class="panel-title">${_('Settings for Repository: %s') % c.rhodecode_db_repo.repo_name}</h3>
6 <h3 class="panel-title">${_('Settings for Repository: %s') % c.rhodecode_db_repo.repo_name}</h3>
7 </div>
7 </div>
8 <div class="panel-body">
8 <div class="panel-body">
9 ${h.secure_form(h.route_path('edit_repo', repo_name=c.rhodecode_db_repo.repo_name), method='POST')}
9 ${h.secure_form(h.route_path('edit_repo', repo_name=c.rhodecode_db_repo.repo_name), method='POST', request=request)}
10 <div class="form">
10 <div class="form">
11 <!-- fields -->
11 <!-- fields -->
12 <div class="fields">
12 <div class="fields">
Show file before | Show file after | Hide comments
@@ -9,7 +9,7 b''
9 ${_('In the first step commits will be verified for existance in the repository')}. </br>
9 ${_('In the first step commits will be verified for existance in the repository')}. </br>
10 ${_('In the second step, correct commits will be available for stripping')}.
10 ${_('In the second step, correct commits will be available for stripping')}.
11 </p>
11 </p>
12 ${h.secure_form(h.route_path('strip_check', repo_name=c.repo_info.repo_name), method='post')}
12 ${h.secure_form(h.route_path('strip_check', repo_name=c.repo_info.repo_name), method='POST', request=request)}
13 <div id="change_body" class="field">
13 <div id="change_body" class="field">
14 <div id="box-1" class="inputx locked_input">
14 <div id="box-1" class="inputx locked_input">
15 <input class="text" id="changeset_id-1" name="changeset_id-1" size="59"
15 <input class="text" id="changeset_id-1" name="changeset_id-1" size="59"
Show file before | Show file after | Hide comments
@@ -28,7 +28,7 b''
28 <h3 class="panel-title">${_('Cleanup Old Sessions')}</h3>
28 <h3 class="panel-title">${_('Cleanup Old Sessions')}</h3>
29 </div>
29 </div>
30 <div class="panel-body">
30 <div class="panel-body">
31 ${h.secure_form(h.route_path('admin_settings_sessions_cleanup'), method='post')}
31 ${h.secure_form(h.route_path('admin_settings_sessions_cleanup'), method='POST', request=request)}
32
32
33 <p>
33 <p>
34 ${_('Cleanup user sessions that were not active during chosen time frame.')} <br/>
34 ${_('Cleanup user sessions that were not active during chosen time frame.')} <br/>
Show file before | Show file after | Hide comments
@@ -38,7 +38,7 b''
38 %endif
38 %endif
39 </td>
39 </td>
40 <td class="td-action">
40 <td class="td-action">
41 ${h.secure_form(h.route_path('edit_user_auth_tokens_delete', user_id=c.user.user_id), method='POST')}
41 ${h.secure_form(h.route_path('edit_user_auth_tokens_delete', user_id=c.user.user_id), method='POST', request=request)}
42 ${h.hidden('del_auth_token', auth_token.user_api_key_id)}
42 ${h.hidden('del_auth_token', auth_token.user_api_key_id)}
43 <button class="btn btn-link btn-danger" type="submit"
43 <button class="btn btn-link btn-danger" type="submit"
44 onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.token_obfuscated}');">
44 onclick="return confirm('${_('Confirm to remove this auth token: %s') % auth_token.token_obfuscated}');">
@@ -55,7 +55,7 b''
55 </div>
55 </div>
56
56
57 <div class="user_auth_tokens">
57 <div class="user_auth_tokens">
58 ${h.secure_form(h.route_path('edit_user_auth_tokens_add', user_id=c.user.user_id), method='POST')}
58 ${h.secure_form(h.route_path('edit_user_auth_tokens_add', user_id=c.user.user_id), method='POST', request=request)}
59 <div class="form form-vertical">
59 <div class="form form-vertical">
60 <!-- fields -->
60 <!-- fields -->
61 <div class="fields">
61 <div class="fields">
Show file before | Show file after | Hide comments
@@ -24,7 +24,7 b''
24 <span class="user email">${em.email}</span>
24 <span class="user email">${em.email}</span>
25 </td>
25 </td>
26 <td class="td-action">
26 <td class="td-action">
27 ${h.secure_form(h.route_path('edit_user_emails_delete', user_id=c.user.user_id), method='POST')}
27 ${h.secure_form(h.route_path('edit_user_emails_delete', user_id=c.user.user_id), method='POST', request=request)}
28 ${h.hidden('del_email_id', em.email_id)}
28 ${h.hidden('del_email_id', em.email_id)}
29 <button class="btn btn-link btn-danger" type="submit"
29 <button class="btn btn-link btn-danger" type="submit"
30 onclick="return confirm('${_('Confirm to delete this email: %s') % em.email}');">
30 onclick="return confirm('${_('Confirm to delete this email: %s') % em.email}');">
@@ -46,7 +46,7 b''
46 </table>
46 </table>
47 </div>
47 </div>
48
48
49 ${h.secure_form(h.route_path('edit_user_emails_add', user_id=c.user.user_id), method='POST')}
49 ${h.secure_form(h.route_path('edit_user_emails_add', user_id=c.user.user_id), method='POST', request=request)}
50 <div class="form">
50 <div class="form">
51 <!-- fields -->
51 <!-- fields -->
52 <div class="fields">
52 <div class="fields">
Show file before | Show file after | Hide comments
@@ -19,7 +19,7 b''
19 </div>
19 </div>
20
20
21 <div class="groups_management">
21 <div class="groups_management">
22 ${h.secure_form(h.route_path('edit_user_groups_management_updates', user_id=c.user.user_id), method='post')}
22 ${h.secure_form(h.route_path('edit_user_groups_management_updates', user_id=c.user.user_id), method='POST', request=request)}
23 <div id="repos_list_wrap">
23 <div id="repos_list_wrap">
24 <table id="user_group_list_table" class="display"></table>
24 <table id="user_group_list_table" class="display"></table>
25 </div>
25 </div>
Show file before | Show file after | Hide comments
@@ -30,7 +30,7 b''
30 <td class="td-iprange"><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
30 <td class="td-iprange"><div class="ip">${h.ip_range(ip.ip_addr)}</div></td>
31 <td class="td-description"><div class="ip">${ip.description}</div></td>
31 <td class="td-description"><div class="ip">${ip.description}</div></td>
32 <td class="td-action">
32 <td class="td-action">
33 ${h.secure_form(h.route_path('edit_user_ips_delete', user_id=c.user.user_id), method='POST')}
33 ${h.secure_form(h.route_path('edit_user_ips_delete', user_id=c.user.user_id), method='POST', request=request)}
34 ${h.hidden('del_ip_id', ip.ip_id)}
34 ${h.hidden('del_ip_id', ip.ip_id)}
35 ${h.submit('remove_', _('Delete'),id="remove_ip_%s" % ip.ip_id,
35 ${h.submit('remove_', _('Delete'),id="remove_ip_%s" % ip.ip_id,
36 class_="btn btn-link btn-danger", onclick="return confirm('"+_('Confirm to delete this ip: %s') % ip.ip_addr+"');")}
36 class_="btn btn-link btn-danger", onclick="return confirm('"+_('Confirm to delete this ip: %s') % ip.ip_addr+"');")}
@@ -51,7 +51,7 b''
51 </div>
51 </div>
52
52
53 <div>
53 <div>
54 ${h.secure_form(h.route_path('edit_user_ips_add', user_id=c.user.user_id), method='POST')}
54 ${h.secure_form(h.route_path('edit_user_ips_add', user_id=c.user.user_id), method='POST', request=request)}
55 <div class="form">
55 <div class="form">
56 <!-- fields -->
56 <!-- fields -->
57 <div class="fields">
57 <div class="fields">
Show file before | Show file after | Hide comments
@@ -348,7 +348,7 b''
348 <li>${h.link_to(_(u'My personal group'), h.route_path('repo_group_home', repo_group_name=c.rhodecode_user.personal_repo_group.group_name))}</li>
348 <li>${h.link_to(_(u'My personal group'), h.route_path('repo_group_home', repo_group_name=c.rhodecode_user.personal_repo_group.group_name))}</li>
349 % endif
349 % endif
350 <li class="logout">
350 <li class="logout">
351 ${h.secure_form(h.route_path('logout'))}
351 ${h.secure_form(h.route_path('logout'), request=request)}
352 ${h.submit('log_out', _(u'Sign Out'),class_="btn btn-primary")}
352 ${h.submit('log_out', _(u'Sign Out'),class_="btn btn-primary")}
353 ${h.end_form()}
353 ${h.end_form()}
354 </li>
354 </li>
Show file before | Show file after | Hide comments
@@ -119,7 +119,7 b''
119 <i class="icon-pencil"></i>Edit</a>
119 <i class="icon-pencil"></i>Edit</a>
120 </div>
120 </div>
121 <div class="grid_delete">
121 <div class="grid_delete">
122 ${h.secure_form(h.route_path('edit_repo_advanced_delete', repo_name=repo_name), method='POST')}
122 ${h.secure_form(h.route_path('edit_repo_advanced_delete', repo_name=repo_name), method='POST', request=request)}
123 ${h.submit('remove_%s' % repo_name,_('Delete'),class_="btn btn-link btn-danger",
123 ${h.submit('remove_%s' % repo_name,_('Delete'),class_="btn btn-link btn-danger",
124 onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo_name+"');")}
124 onclick="return confirm('"+_('Confirm to delete this repository: %s') % repo_name+"');")}
125 ${h.end_form()}
125 ${h.end_form()}
Show file before | Show file after | Hide comments
@@ -27,7 +27,7 b''
27
27
28 <legend tal:condition="title">${title}</legend>
28 <legend tal:condition="title">${title}</legend>
29
29
30 <input type="hidden" name="${h.csrf_token_key}" value="${h.get_csrf_token()}" />
30 <input type="hidden" name="${h.csrf_token_key}" value="${h.get_csrf_token(request.session)}" />
31 <input type="hidden" name="_charset_" />
31 <input type="hidden" name="_charset_" />
32 <input type="hidden" name="__formid__" value="${formid}"/>
32 <input type="hidden" name="__formid__" value="${formid}"/>
33
33
General Comments 0
You need to be logged in to leave comments. Login now