Change request -- fas template csrf fix
Toshio Kuratomi
a.badger at gmail.com
Thu Mar 12 15:05:45 UTC 2009
Found a template in fas that is not adding the csrf token properly.
The Add User button on:
https://admin.fedoraproject.org/accounts/group/view/
This is just an annoyance (one particular link leading people to the
CSRF login page instead of directly to the action they requested) but
the fix is easy and non-intrusive.
Patch is:
@@ -77,7 +77,8 @@
<py:if test="can_sponsor">
<dt>${_('Add User:')}</dt>
<dd>
- <form action="${tg.url('/group/application_screen/%s' %
group.name)}">
+ <form action="${tg.url('/group/application_screen/%s' %
group.name)}"
+ method="post">
<input type='text' size='15' name='targetname'/>
<input type="submit" value="${('Add')}" />
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20090312/94086d94/attachment.sig>
More information about the Fedora-infrastructure-list
mailing list