author | Jan Dittberner <jan@dittberner.info> | 2018-03-31 10:50:06 +0200 |
---|---|---|
committer | Jan Dittberner <jan@dittberner.info> | 2018-03-31 10:50:06 +0200 |
commit | 5977eb5a7a388245b2b956051547516f53bf9222 (patch) | |
tree | b16f831cbc1a372b22a5eba6237f4139b72eb4b5 /boardvoting/templates | |
parent | 33f75bdf1d72984eb6ef260de639418e0cb18949 (diff) | |
Implement CSRF protection
Diffstat (limited to 'boardvoting/templates')
-rw-r--r-- | boardvoting/templates/create_motion_form.html | 1 | ||||
-rw-r--r-- | boardvoting/templates/direct_vote_form.html | 20 | ||||
-rw-r--r-- | boardvoting/templates/proxy_vote_form.html | 22 | ||||
-rw-r--r-- | boardvoting/templates/withdraw_motion_form.html | 3 |
4 files changed, 27 insertions, 19 deletions
diff --git a/boardvoting/templates/create_motion_form.html b/boardvoting/templates/create_motion_form.html
index 5958aa7..ef72ec6 100644
--- a/boardvoting/templates/create_motion_form.html
+++ b/boardvoting/templates/create_motion_form.html
@@ -9,6 +9,7 @@
 <div class="column">
 <div class="ui raised segment">
 <form action="/newmotion/" method="post">
+ {{ csrfField }}
 <div class="ui form{{ if .Form.Errors }} error{{ end }}">
 <div class="three fields">
 <div class="field">
diff --git a/boardvoting/templates/direct_vote_form.html b/boardvoting/templates/direct_vote_form.html
index 649c059..66e21a9 100644
--- a/boardvoting/templates/direct_vote_form.html
+++ b/boardvoting/templates/direct_vote_form.html
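Review bot: Nothing in create_motion_form.html says where `csrfField` comes from: the added `{{ csrfField }}` after the `<form>` tag is a template function call, not a field of the page data. It therefore only works if a function of that name is bound for each request before the template executes, and (assuming html/template) returns a `template.HTML` value, since a plain string would be escaped and no hidden input would reach the browser. The Go side is outside this diffstat, so neither can be confirmed from here; a one-line template comment such as `{{/* csrfField: per-request hidden token input, bound by the handler */}}` would document the dependency. The same applies to the identical line in direct_vote_form.html, proxy_vote_form.html and withdraw_motion_form.html; the form body continues outside the hunk.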
@@ -9,19 +9,23 @@
 {{ with .Decision }}
 <div class="column">
 <div class="ui raised segment">
- {{ template "motion_fragment" . }}
+ {{ template "motion_fragment" . }}
 </div>
 </div>
 {{ end }}
 <form action="/vote/{{ .Decision.Tag }}/{{ .VoteChoice }}" method="post">
+{{ csrfField }}
 <div class="ui form">
- {{ if eq 1 .VoteChoice }}
- <button class="ui right labeled green icon button" type="submit"><i class="check circle icon"></i> Vote {{ .VoteChoice }}</button>
- {{ else if eq -1 .VoteChoice }}
- <button class="ui right labeled red icon button" type="submit"><i class="minus circle icon"></i> Vote {{ .VoteChoice }}</button>
- {{ else }}
- <button class="ui right labeled grey icon button" type="submit"><i class="circle icon"></i> Vote {{ .VoteChoice }}</button>
- {{ end }}
+ {{ if eq 1 .VoteChoice }}
+ <button class="ui right labeled green icon button" type="submit"><i class="check circle icon"></i>
+ Vote {{ .VoteChoice }}</button>
+ {{ else if eq -1 .VoteChoice }}
+ <button class="ui right labeled red icon button" type="submit"><i class="minus circle icon"></i>
+ Vote {{ .VoteChoice }}</button>
+ {{ else }}
+ <button class="ui right labeled grey icon button" type="submit"><i class="circle icon"></i>
+ Vote {{ .VoteChoice }}</button>
+ {{ end }}
 </div>
 </form>
 {{ template "footer.html" . }}
\ No newline at end of file
diff --git a/boardvoting/templates/proxy_vote_form.html b/boardvoting/templates/proxy_vote_form.html
index 3a344c3..97ae86b 100644
--- a/boardvoting/templates/proxy_vote_form.html
+++ b/boardvoting/templates/proxy_vote_form.html
@@ -10,20 +10,21 @@
 </div>
 <div class="column">
 <div class="ui raised segment">
- {{ with .Decision }}
+ {{ with .Decision }}
 {{ template "motion_fragment" . }}
 {{ end }}
 <form action="/proxy/{{ .Decision.Tag }}" method="post">
+ {{ csrfField }}
 <div class="ui form{{ if .Form.Errors }} error{{ end }}">
 <div class="two fields">
 <div class="required field{{ if .Form.Errors.Voter }} error{{ end }}">
 <label for="Voter">Voter</label>
 <select name="Voter">
- {{ range .Voters }}
+ {{ range .Voters }}
 <option value="{{ .Id }}"
- {{ if eq (.Id | print) $form.Voter }}
+ {{ if eq (.Id | print) $form.Voter }}
 selected{{ end }}>{{ .Name }}</option>
- {{ end }}
+ {{ end }}
 </select>
 </div>
 <div class="required field{{ if .Form.Errors.Vote }} error{{ end }}">
@@ -39,14 +40,15 @@
 <label for="Justification">Justification</label>
 <textarea name="Justification" rows="2">{{ .Form.Justification }}</textarea>
 </div>
- {{ with .Form.Errors }}
+ {{ with .Form.Errors }}
 <div class="ui error message">
- {{ with .Voter }}<p>{{ . }}</p>{{ end }}
- {{ with .Vote }}<p>{{ . }}</p>{{ end }}
- {{ with .Justification }}<p>{{ . }}</p>{{ end }}
+ {{ with .Voter }}<p>{{ . }}</p>{{ end }}
+ {{ with .Vote }}<p>{{ . }}</p>{{ end }}
+ {{ with .Justification }}<p>{{ . }}</p>{{ end }}
 </div>
- {{ end }}
- <button class="ui primary left labeled icon button" type="submit"><i class="users icon"></i> Proxy Vote</button>
+ {{ end }}
+ <button class="ui primary left labeled icon button" type="submit"><i class="users icon"></i> Proxy Vote
+ </button>
 </div>
 </form>
 </div>
diff --git a/boardvoting/templates/withdraw_motion_form.html b/boardvoting/templates/withdraw_motion_form.html
index 87ebb57..7b444e7 100644
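Review bot: The only functional line in the direct_vote_form.html hunk is `{{ csrfField }}` after the `<form>` tag; the other nineteen changed lines re-indent the template include and re-wrap the three vote buttons, which buries a security-relevant change in whitespace churn. Both proxy_vote_form.html hunks and the withdraw_motion_form.html hunk do the same; I would move the re-indentation into a separate commit so the four token insertions can be audited on their own. In this file and in withdraw_motion_form.html the field is also added at column 0, while the other two templates indent it under the form, so it should be indented like the sibling `<div class="ui form">`. The file still ends without a trailing newline.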
--- a/boardvoting/templates/withdraw_motion_form.html
+++ b/boardvoting/templates/withdraw_motion_form.html
@@ -9,11 +9,12 @@
 {{ with .Decision }}
 <div class="column">
 <div class="ui raised segment">
- {{ template "motion_fragment" . }}
+ {{ template "motion_fragment" . }}
 </div>
 </div>
 {{ end }}
 <form action="/motions/{{ .Decision.Tag }}/withdraw" method="post">
+{{ csrfField }}
 <div class="ui form">
 <button class="ui primary left labeled icon button" type="submit"><i class="trash icon"></i> Withdraw</button>
 </div> |