CSRF protection

2012-08-27 15:19:05 +10:00 · 2012-08-27 15:19:05 +10:00 · 6229b82a43
commit 6229b82a43
parent 4a9d497a94
8 changed files with 82 additions and 44 deletions
--- a/templates/mod/move.html
+++ b/templates/mod/move.html
@ -1,4 +1,5 @@
-<form action="?/{{ board }}/move/{{ post }}" method="post">	
+<form action="?/{{ board }}/move/{{ post }}" method="post">
+	<input type="hidden" name="token" value="{{ token }}">
 	<table>
 		<tr>
 			<th>
@ -23,7 +24,7 @@
 				<ul style="list-style:none;padding:0">
 					{% for targetboard in boards if targetboard.uri != board %}
 						<li>
-							<input type="radio" name="board" value="{{ targetboard.uri }}" id="ban-board-{{ targetboard.uri }}"> 
+							<input type="radio" name="board" value="{{ targetboard.uri }}" id="ban-board-{{ targetboard.uri }}" {% if boards|count == 2 %}checked{% endif %}> 
 							<label style="display:inline" for="ban-board-{{ targetboard.uri }}">
 								{{ config.board_abbreviation|sprintf(targetboard.uri) }} - {{ targetboard.title|e }}
 							</label>