Return-Path: 
 <allura-commits-return-8260-apmail-incubator-allura-commits-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-allura-commits-archive@minotaur.apache.org
Delivered-To: apmail-incubator-allura-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id CE50B10798
	for <apmail-incubator-allura-commits-archive@minotaur.apache.org>;
 Wed,  4 Dec 2013 16:42:25 +0000 (UTC)
Received: (qmail 76087 invoked by uid 500); 4 Dec 2013 16:42:22 -0000
Delivered-To: apmail-incubator-allura-commits-archive@incubator.apache.org
Received: (qmail 76026 invoked by uid 500); 4 Dec 2013 16:42:20 -0000
Mailing-List: contact allura-commits-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:allura-commits-help@incubator.apache.org>
List-Unsubscribe: <mailto:allura-commits-unsubscribe@incubator.apache.org>
List-Post: <mailto:allura-commits@incubator.apache.org>
List-Id: <allura-commits.incubator.apache.org>
Reply-To: allura-dev@incubator.apache.org
Delivered-To: mailing list allura-commits@incubator.apache.org
Received: (qmail 75986 invoked by uid 99); 4 Dec 2013 16:42:18 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Dec 2013 16:42:18 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 5F4F3B600; Wed,  4 Dec 2013 16:42:18 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: brondsem@apache.org
To: allura-commits@incubator.apache.org
Date: Wed, 04 Dec 2013 16:42:19 -0000
Message-Id: <7f5449d446b842d6b2e260d4d6ff4ec2@git.apache.org>
In-Reply-To: <c820903da00949dbb4183b78f4fde447@git.apache.org>
References: <c820903da00949dbb4183b78f4fde447@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [2/6] git commit: [#5475] ticket:472 JS CSFR protecion has moved to
 csfr_token Jinja macro

[#5475] ticket:472 JS CSFR protecion has moved to csfr_token Jinja macro


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/127ea61f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/127ea61f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/127ea61f

Branch: refs/heads/master
Commit: 127ea61f69d6994ccd6e085ed687a0a6486439c7
Parents: 6449dbb
Author: Andrej Aleksandrov <pinelounge@gmail.com>
Authored: Thu Nov 7 10:52:00 2013 +0200
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Wed Dec 4 15:35:11 2013 +0000

----------------------------------------------------------------------
 Allura/allura/public/nf/js/allura-base.js       | 4 ----
 Allura/allura/templates/jinja_master/lib.html   | 7 +++++++
 Allura/allura/templates/widgets/forge_form.html | 2 ++
 3 files changed, 9 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/127ea61f/Allura/allura/public/nf/js/allura-base.js
----------------------------------------------------------------------
diff --git a/Allura/allura/public/nf/js/allura-base.js b/Allura/allura/public/nf/js/allura-base.js
index 5973609..e6e205e 100644
--- a/Allura/allura/public/nf/js/allura-base.js
+++ b/Allura/allura/public/nf/js/allura-base.js
@@ -213,10 +213,6 @@ $(function(){
         }
     });
 
-    // Provide CSRF protection
-    var cval = $.cookie('_session_id');
-    $('form[method=post]').append('<input name="_session_id" type="hidden" value="'+cval+'">');
-
     var SN_ID=0, SN_VIEWS=1, SN_CLOSED=2;
     $('#site-notification .btn-close').click(function(e) {
         var $note = $(this).parent();

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/127ea61f/Allura/allura/templates/jinja_master/lib.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/jinja_master/lib.html b/Allura/allura/templates/jinja_master/lib.html
index 8f6ddf2..4162368 100644
--- a/Allura/allura/templates/jinja_master/lib.html
+++ b/Allura/allura/templates/jinja_master/lib.html
@@ -16,6 +16,13 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+
+{% macro csrf_token() -%}
+  {% if request %}
+    <input name="_session_id" type="hidden" value="{{request.cookies['_session_id']}}">
+  {% endif %}
+{%- endmacro %}
+
 {% macro related_artifacts(artifact) -%}
   {% set related_artifacts = artifact.related_artifacts() %}
   {% if related_artifacts %}

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/127ea61f/Allura/allura/templates/widgets/forge_form.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/forge_form.html b/Allura/allura/templates/widgets/forge_form.html
index adbc01c..de20c42 100644
--- a/Allura/allura/templates/widgets/forge_form.html
+++ b/Allura/allura/templates/widgets/forge_form.html
@@ -16,6 +16,7 @@
        specific language governing permissions and limitations
        under the License.
 -#}
+{% import 'allura:templates/jinja_master/lib.html' as lib with context %}
 <form method="{{method}}"
       {% if enctype %}enctype="{{enctype}}"{% endif %}
       {% if target %}target="{{target}}"{% endif %}
@@ -53,4 +54,5 @@
   {% endif %}
   {% if widget.antispam %}{% for fld in g.antispam.extra_fields() %}
   {{fld}}{% endfor %}{% endif %}
+  {{lib.csrf_token()}} 
 </form>