Change request -- fas template csrf fix
Mike McGrath
mmcgrath at redhat.com
Thu Mar 12 15:51:48 UTC 2009
On Thu, 12 Mar 2009, Toshio Kuratomi wrote:
> Found a template in fas that is not adding the csrf token properly.
>
> The Add User button on:
> https://admin.fedoraproject.org/accounts/group/view/
>
> This is just an annoyance (one particular link leading people to the
> CSRF login page instead of directly to the action they requested) but
> the fix is easy and non-intrusive.
>
> Patch is:
>
> @@ -77,7 +77,8 @@
> <py:if test="can_sponsor">
> <dt>${_('Add User:')}</dt>
> <dd>
> - <form action="${tg.url('/group/application_screen/%s' %
> group.name)}">
> + <form action="${tg.url('/group/application_screen/%s' %
> group.name)}"
> + method="post">
> <input type='text' size='15' name='targetname'/>
> <input type="submit" value="${('Add')}" />
>
+1
-Mike
More information about the Fedora-infrastructure-list
mailing list