incubator-allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject git commit: [#6983] Revert "[#5475] ticket:473 Removed useless csrf tokens from oauth forms"
Date Mon, 16 Dec 2013 23:06:31 GMT
Updated Branches:
  refs/heads/db/6983 [created] 8df4a71db


[#6983] Revert "[#5475] ticket:473 Removed useless csrf tokens from oauth forms"

This reverts commit 5042b1d60bb4bb321a18907057ae3915715085e3.


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/8df4a71d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/8df4a71d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/8df4a71d

Branch: refs/heads/db/6983
Commit: 8df4a71db918aa355e03c22a5f462fa65433630e
Parents: 52a09e4
Author: Dave Brondsema <dbrondsema@slashdotmedia.com>
Authored: Mon Dec 16 23:04:31 2013 +0000
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Mon Dec 16 23:04:31 2013 +0000

----------------------------------------------------------------------
 Allura/allura/templates/oauth_applications.html | 3 +++
 Allura/allura/templates/oauth_authorize.html    | 1 +
 2 files changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/8df4a71d/Allura/allura/templates/oauth_applications.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/oauth_applications.html b/Allura/allura/templates/oauth_applications.html
index 6bc90a3..3742662 100644
--- a/Allura/allura/templates/oauth_applications.html
+++ b/Allura/allura/templates/oauth_applications.html
@@ -105,6 +105,7 @@
                 <form method="POST" action="revoke_access_token" class="revoke_access_token">
                     <input type="hidden" name="_id" value="{{access_token._id}}"/>
                     <input type="submit" value="Revoke"/>
+                    {{lib.csrf_token()}}
                 </form>
             </td>
         </tr>
@@ -131,10 +132,12 @@
                 <form method="POST" action="deregister" class="deregister_consumer_token">
                     <input type="hidden" name="_id" value="{{consumer_token._id}}"/>
                     <input type="submit" value="Deregister"/>
+                    {{lib.csrf_token()}}
                 </form>
                 <form method="POST" action="generate_access_token" class="generate_access_token">
                     <input type="hidden" name="_id" value="{{consumer_token._id}}"/>
                     <input type="submit" value="Generate Bearer Token"/>
+                    {{lib.csrf_token()}}
                 </form>
             </td>
         </tr>

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/8df4a71d/Allura/allura/templates/oauth_authorize.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/oauth_authorize.html b/Allura/allura/templates/oauth_authorize.html
index 0aa0437..7177442 100644
--- a/Allura/allura/templates/oauth_authorize.html
+++ b/Allura/allura/templates/oauth_authorize.html
@@ -38,6 +38,7 @@
   <input type="hidden" name="oauth_token" value="{{oauth_token}}"/>
   <input type="submit" name="no" value="No, do not authorize {{ consumer.name }}">
   <input type="submit" name="yes" value="Yes, authorize {{ consumer.name }}"><br>
+  {{lib.csrf_token()}}
 </form>
 <br style="clear:both"/>
 <h2>{{consumer.name}}</h2>


Mime
View raw message