Merge lp:~wacky/postorius/csrf into lp:postorius

Proposed by Richard Wackerbarth
Status: Merged
Merged at revision: 65
Proposed branch: lp:~wacky/postorius/csrf
Merge into: lp:postorius
Diff against target: 253 lines (+25/-25)
14 files modified
src/postorius/templates/postorius/confirm_dialog.html (+1/-1)
src/postorius/templates/postorius/domain_new.html (+1/-1)
src/postorius/templates/postorius/lists/mass_subscribe.html (+1/-1)
src/postorius/templates/postorius/lists/new.html (+1/-1)
src/postorius/templates/postorius/lists/settings.html (+1/-1)
src/postorius/templates/postorius/lists/subscribe.html (+1/-1)
src/postorius/templates/postorius/lists/subscriptions.html (+2/-2)
src/postorius/templates/postorius/lists/summary.html (+1/-1)
src/postorius/templates/postorius/login.html (+4/-4)
src/postorius/templates/postorius/menu/general.html (+2/-2)
src/postorius/templates/postorius/menu/maintanance.html (+3/-3)
src/postorius/templates/postorius/menu/subscriptions.html (+4/-4)
src/postorius/templates/postorius/user_mailmansettings.html (+1/-1)
src/postorius/templates/postorius/user_settings.html (+2/-2)
To merge this branch: bzr merge lp:~wacky/postorius/csrf
Reviewer Review Type Date Requested Status
Florian Fuchs Approve
Review via email: mp+106211@code.launchpad.net

Description of the change

csrf tokens added

lp:~wacky/postorius/csrf updated
66. By Richard Wackerbarth

Some spelling errors

Florian Fuchs (flo-fuchs) wrote :

Hi Richard,

thank you for the fix! I've merged into trunk (revision 65).

review: Approve

Preview Diff

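--- a/src/postorius/templates/postorius/confirm_dialog.html
+++ b/src/postorius/templates/postorius/confirm_dialog.html
@@ -4,7 +4,7 @@
 {% block main %}
 <h1>{% trans 'Confirm' %}</h1>
 <p>{% trans "Are you sure?" %}</p>
- <form action="{{submit_url}}" method="post">
+ <form action="{{submit_url}}" method="post"> {% csrf_token %}
 <button class="btn btn-danger" type="submit">{% trans "OK" %}</button>
 <a class="btn" href="{{cancel_url}}">{% trans "Cancel" %}</a>
 </form>
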
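Review bot: The `{% csrf_token %}` added to the confirm form only emits a hidden field, and nothing in this diff shows the server side that checks it, so the protection depends on code outside the patch. Presumably the views render these templates with a `RequestContext` and `CsrfViewMiddleware` is enabled; if either is missing, the tag renders empty or the token is never verified. The same applies to every other POST form touched here (domain_new.html, the lists/ templates, login.html, user_settings.html). A test that posts to one of these URLs without the token and expects a 403 would pin the behaviour.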
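--- a/src/postorius/templates/postorius/domain_new.html
+++ b/src/postorius/templates/postorius/domain_new.html
@@ -4,7 +4,7 @@
 {% block main %}
 {% include 'postorius/menu/settings_nav.html' %}
 <h1>{% trans "Add a new Domain" %}</h1>
- <form action="{% url domain_new %}" method="post" class="well">
+ <form action="{% url domain_new %}" method="post" class="well"> {% csrf_token %}
 {{ form.as_p }}
 <div class="field">
 <button class="btn btn-success" type="submit">{% trans "Create Domain" %}</button>
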
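--- a/src/postorius/templates/postorius/lists/mass_subscribe.html
+++ b/src/postorius/templates/postorius/lists/mass_subscribe.html
@@ -6,7 +6,7 @@
 {% include 'postorius/menu/list_nav.html' %}
 {% endif %}
 <h1>{% trans "Mass Subscribe" %} <span>- {{list.fqdn_listname}}</span></h1>
- <form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well">
+ <form action="{% url mass_subscribe list.fqdn_listname %}" method="post" class="well"> {% csrf_token %}
 {{ form.as_p }}
 <button class="btn btn-primary" type="submit">{% trans "Subscribe users" %}</button>
 </form>
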
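--- a/src/postorius/templates/postorius/lists/new.html
+++ b/src/postorius/templates/postorius/lists/new.html
@@ -3,7 +3,7 @@
 
 {% block main %}
 <h1>{% trans "Create a new List" %} {{ block.super }}</h1>
- <form action="{% url list_new %}" method="post" class="well">
+ <form action="{% url list_new %}" method="post" class="well"> {% csrf_token %}
 {{ form.as_p }}
 <button class="btn btn-success" type="submit">{% trans "Create List" %}</button>
 </form>
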
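--- a/src/postorius/templates/postorius/lists/settings.html
+++ b/src/postorius/templates/postorius/lists/settings.html
@@ -12,7 +12,7 @@
 </ul>
 
 {% if visible_section %}
- <form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings">
+ <form class="well" action="{% url list_settings fqdn_listname=list.fqdn_listname visible_section=visible_section visible_option=visible_option %}" method="post" class="list_settings"> {% csrf_token %}
 {{ form.as_p }}
 <button class="btn btn-primary" type="submit">{%trans "Save changes" %}</button>
 </form>
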
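Review bot: The changed `<form>` line carries two `class` attributes (`class="well"` and `class="list_settings"`); an HTML parser keeps the first and discards the second, so the `list_settings` class is never applied. Merging them as `class="well list_settings"` keeps both. The enclosing `{% if visible_section %}` block ends outside the hunk.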
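--- a/src/postorius/templates/postorius/lists/subscribe.html
+++ b/src/postorius/templates/postorius/lists/subscribe.html
@@ -3,7 +3,7 @@
 
 {% block main %}
 <h1>{% trans 'Subscribe' %} <span>{{ list.fqdn_listname}}</span></h1>
- <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
+ <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
 {{form.as_p}}
 <input class="btn btn-primary" type="submit" value="{% trans 'Subscribe' %}" />
 </form>
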
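--- a/src/postorius/templates/postorius/lists/subscriptions.html
+++ b/src/postorius/templates/postorius/lists/subscriptions.html
@@ -4,7 +4,7 @@
 {% block main %}
 {{list.list_name}} <span>{{list.display_name}}</span>
 {% if form_subscribe %}
- <form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe">
+ <form action="{%url list_subscriptions list.fqdn_listname %}" method="post" class="subscribe mm_clear" name="subscribe"> {% csrf_token %}
 {{ form_subscribe.as_div }}
 <div class="field">
 <button type="submit">{% trans "Subscribe" %}</button>
@@ -13,7 +13,7 @@
 </form>
 {% endif %}
 {% if form_unsubscribe %}
- <form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe">
+ <form action="{% url list_subscriptions list.fqdn_listname %}" method="post" class="unsubscribe mm_clear" name="unsubscribe"> {% csrf_token %}
 {{ form_unsubscribe.as_div }}
 <div class="field">
 <button type="submit">{% trans "Unsubscribe" %}</button>
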
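--- a/src/postorius/templates/postorius/lists/summary.html
+++ b/src/postorius/templates/postorius/lists/summary.html
@@ -15,7 +15,7 @@
 
 <h2>{% trans 'Membership' %}</h2>
 {% if user.is_authenticated %}
- <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe">
+ <form action="{% url list_subscribe list.fqdn_listname %}" method="post" class="list_subscribe"> {% csrf_token %}
 {{subscribe_form.as_p}}
 <input class="btn btn-success" type="submit" value="{% trans 'Subscribe' %}" />
 <a href="{% url list_unsubscribe list.fqdn_listname user.email %}" class="btn btn-danger">Unsubscribe</a>
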
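Review bot: The Unsubscribe control three lines below the new token is a plain link, `<a href="{% url list_unsubscribe list.fqdn_listname user.email %}" …>`, so it issues a GET and the added `{% csrf_token %}` does not cover it. If the `list_unsubscribe` view changes the membership on that GET (the view is not in this diff), the action remains exposed to cross-site request forgery even after this patch. Making it a small `method="post"` form with its own `{% csrf_token %}`, and having the view reject GET, would close the gap. The form's closing tag is outside the hunk.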
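--- a/src/postorius/templates/postorius/login.html
+++ b/src/postorius/templates/postorius/login.html
@@ -5,7 +5,7 @@
 
 <h2>Login with username and password</h2>
 
- <form action="" method="post" class="login mm_clear">
+ <form action="" method="post" class="login mm_clear"> {% csrf_token %}
 {{ form.as_p }}
 <div class="field">
 <button class="btn btn-primary" type="submit">{% trans "Login" %}</button>
@@ -17,7 +17,7 @@
 <!--
 <h2>Login using OpenID</h2>
 
- <form method="post" action="{% url socialauth_begin 'openid' %}">
+ <form method="post" action="{% url socialauth_begin 'openid' %}"> {% csrf_token %}
 OpenID URL: <input type="text" name="openid_identifier" />
 <input type="submit" value="Login using OpenID" />
 </form>
@@ -27,7 +27,7 @@
 
 <h2>Login using BrowserID</h2>
 
- <form method="post" action="{% url socialauth_complete "browserid" %}">
+ <form method="post" action="{% url socialauth_complete "browserid" %}"> {% csrf_token %}
 <input type="hidden" name="assertion" value="" />
 <a rel="nofollow" id="browserid" href="#"><img src="{{ STATIC_URL }}postorius/default/img/sign_in_blue.png" alt="Login using BrowserID" /></a>
 </form>
@@ -36,7 +36,7 @@
 {% block additionaljs %}
 <!-- Include BrowserID JavaScript -->
 <script src="https://browserid.org/include.js" type="text/javascript"></script>
-<!-- Setup click handler that retieves BrowserID assertion code and sends
+<!-- Setup click handler that receives BrowserID assertion code and sends
 POST data -->
 <script type="text/javascript">
 $(function () {
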
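Review bot: In the second hunk the OpenID form sits inside an HTML comment (`<!--` opens at the top of the hunk), but Django still evaluates template tags there, so the added `{% csrf_token %}` and the `{% url socialauth_begin 'openid' %}` lookup are rendered into the page source. Wrapping the disabled markup in `{% comment %}` … `{% endcomment %}` instead keeps it out of the response entirely. Where the HTML comment closes is outside the hunks, so whether the BrowserID form is also inside it cannot be told from here.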
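--- a/src/postorius/templates/postorius/menu/general.html
+++ b/src/postorius/templates/postorius/menu/general.html
@@ -68,9 +68,9 @@
 {% trans "advertised" %} Link:TODO
 </a>
 </li>
- <li {% if selected == "anonymus_list" %}id="selected"{% endif %}>
+ <li {% if selected == "anonymous_list" %}id="selected"{% endif %}>
 <a href="{% comment %}{% url ... %}{% endcomment %}">
- {% trans "anonymus_list" %} Link:TODO
+ {% trans "anonymous_list" %} Link:TODO
 </a>
 </li>
 </ul></div>
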
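Review bot: The spelling fix changes the value compared against `selected` (`"anonymus_list"` becomes `"anonymous_list"`), not just displayed text, so whatever sets `selected` must use the new spelling or the item is no longer highlighted; that code is not in this diff. The same holds for `auto_responder` and `filter_recipient` in menu/maintanance.html and `join_address` in menu/subscriptions.html, where `owner_adress` and `leave_adress` keep the old spelling and leave the keys inconsistent. The `{% trans %}` strings changed as well, so existing translations keyed on the old msgids will need updating.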
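--- a/src/postorius/templates/postorius/menu/maintanance.html
+++ b/src/postorius/templates/postorius/menu/maintanance.html
@@ -9,7 +9,7 @@
 {% trans "Archive" %} #TODO link
 </a>
 </li>
- <li {% if selected == "auto_resonder" %}id="selected"{% endif %}>
+ <li {% if selected == "auto_responder" %}id="selected"{% endif %}>
 <a href="{% url list_settings fqdn_listname=fqdn_listname visible_section='Automatic Responses' visible_option=None %}">
 {% trans "Auto Responder" %}
 </a>
@@ -52,9 +52,9 @@
 {% trans "Message" %} Link:TODO
 </a>
 </li>
- <li {% if selected == "filter_receipent" %}id="selected"{% endif %}>
+ <li {% if selected == "filter_recipient" %}id="selected"{% endif %}>
 <a href="{% comment %}{% url ... %}{% endcomment %}">
- {% trans "Receipent" %} Link:TODO
+ {% trans "Recipient" %} Link:TODO
 </a>
 </li>
 <li {% if selected == "filter_spam" %}id="selected"{% endif %}>
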
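--- a/src/postorius/templates/postorius/menu/subscriptions.html
+++ b/src/postorius/templates/postorius/menu/subscriptions.html
@@ -14,14 +14,14 @@
 {% trans "Subscribe" %}
 </a>
 <div><ul class="menu">
- <li{% if selected == "join_adress" %}id="selected"{% endif %}>
+ <li{% if selected == "join_address" %}id="selected"{% endif %}>
 <a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
- {% trans "Join Adress" %} Link:TODO
+ {% trans "Join Address" %} Link:TODO
 </a>
 </li>
 <li{% if selected == "owner_adress" %}id="selected"{% endif %}>
 <a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
- {% trans "Owner Adress" %} Link:TODO
+ {% trans "Owner Address" %} Link:TODO
 </a>
 </li>
 <li{% if selected == "mass_subscribe" %}id="selected"{% endif %}>
@@ -38,7 +38,7 @@
 <div><ul class="menu">
 <li{% if selected == "leave_adress" %}id="selected"{% endif %}>
 <a href="{% comment %}{% url ... %}TODO add List{% endcomment %}">
- {% trans "Leave Adress" %} Link:TODO
+ {% trans "Leave Address" %} Link:TODO
 </a>
 </li>
 </ul></div>
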
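Review bot: Every `<li{% if selected == … %}id="selected"{% endif %}>` in these hunks lacks a space after `<li`, so a selected item renders as `<liid="selected">`, which is not a list item and never gets the id. Writing `<li {% if selected == "join_address" %}id="selected"{% endif %}>`, as general.html and maintanance.html do, fixes it. The lists continue outside both hunks.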
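--- a/src/postorius/templates/postorius/user_mailmansettings.html
+++ b/src/postorius/templates/postorius/user_mailmansettings.html
@@ -55,7 +55,7 @@
 <h2>List Preferences Overview</h2>
 <p><em class="errorlist">Sample output: not real</em></p>
 <input id="btnHide" type="button" value="{% trans "Hide Descriptions" %}"/>
- <form action="#">
+ <form action="#"> {% csrf_token %}
 <table class="table table-bordered table-striped">
 <tr>
 <th>{% trans "Setting" %}</th>
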
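Review bot: This form has no `method`, so it submits as GET, and the added `{% csrf_token %}` would put `csrfmiddlewaretoken` into the query string, where it ends up in browser history, server logs and Referer headers. Either declare the form as `<form action="#" method="post"> {% csrf_token %}` or leave the token out until the form really posts; the surrounding text marks this as sample output. The form's closing tag is outside the hunk.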
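--- a/src/postorius/templates/postorius/user_settings.html
+++ b/src/postorius/templates/postorius/user_settings.html
@@ -16,9 +16,9 @@
 <div class="mm_boxHeader">
 {% trans "Content" %}
 </div>
- <p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscirbed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
+ <p>{%trans "Use this page to manage your account. You'll be able to see a list of your subscribed lists, modify these membership settings of the list and your personal preferences in user_settings <a href='https://bugs.launchpad.net/mailman/+bug/821438' >LP:821438</a> is solved <br>" %}</p>
 {% if form %}
- <form action="" method="post" class="user" name="user">
+ <form action="" method="post" class="user" name="user"> {% csrf_token %}
 <ul class="">
 {{ form.as_div }}
 <li class="field">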
