CSRF protection

templates/mod/ban_form.html

@@ -5,6 +5,7 @@
 {% endif %}
 
 <form action="{{ action }}" method="post">
+	<input type="hidden" name="token" value="{{ token }}">
 	{% if redirect %}
 		<input type="hidden" name="redirect" value="{{ redirect|e }}">
 	{% endif %}

templates/mod/confirm.html

@@ -1,7 +1,7 @@
 <p style="text-align:center;font-size:1.1em">
-	{% trans 'Are you sure you want to do that?' %} <a href="?/{{ request }}">{% trans 'Click to proceed to' %} ?/{{ request }}</a>.
+	{% trans 'Are you sure you want to do that?' %} <a href="?/{{ request }}/{{ token }}">{% trans 'Click to proceed to' %} ?/{{ request }}</a>.
 </p>
 <p class="unimportant" style="text-align:center">
-	{% trans 'You are seeing this message because we were unable to serve a confirmation dialog, probably due to Javascript being disabled.' %}
+	{% trans 'You are probably seeing this message because Javascript being disabled. This is a necessary security measure to prevent CSRF attacks.' %}
 </p>
 

templates/mod/move.html

@@ -1,4 +1,5 @@
-<form action="?/{{ board }}/move/{{ post }}" method="post">	
+<form action="?/{{ board }}/move/{{ post }}" method="post">
+	<input type="hidden" name="token" value="{{ token }}">
 	<table>
 		<tr>
 			<th>
@@ -23,7 +24,7 @@
 				<ul style="list-style:none;padding:0">
 					{% for targetboard in boards if targetboard.uri != board %}
 						<li>
-							<input type="radio" name="board" value="{{ targetboard.uri }}" id="ban-board-{{ targetboard.uri }}"> 
+							<input type="radio" name="board" value="{{ targetboard.uri }}" id="ban-board-{{ targetboard.uri }}" {% if boards|count == 2 %}checked{% endif %}> 
 							<label style="display:inline" for="ban-board-{{ targetboard.uri }}">
 								{{ config.board_abbreviation|sprintf(targetboard.uri) }} - {{ targetboard.title|e }}
 							</label>