authorJan Dittberner <jan@dittberner.info>2018-03-31 10:50:06 +0200
committerJan Dittberner <jan@dittberner.info>2018-03-31 10:50:06 +0200
commit5977eb5a7a388245b2b956051547516f53bf9222 (patch)
treeb16f831cbc1a372b22a5eba6237f4139b72eb4b5 /boardvoting
parent33f75bdf1d72984eb6ef260de639418e0cb18949 (diff)
Implement CSRF protection
Diffstat (limited to 'boardvoting')
-rw-r--r--boardvoting/templates/create_motion_form.html1
-rw-r--r--boardvoting/templates/direct_vote_form.html20
-rw-r--r--boardvoting/templates/proxy_vote_form.html22
-rw-r--r--boardvoting/templates/withdraw_motion_form.html3
4 files changed, 27 insertions, 19 deletions
diff --git a/boardvoting/templates/create_motion_form.html b/boardvoting/templates/create_motion_form.html
index 5958aa7..ef72ec6 100644
--- a/boardvoting/templates/create_motion_form.html
+++ b/boardvoting/templates/create_motion_form.html
@@ -9,6 +9,7 @@
<div class="column">
<div class="ui raised segment">
<form action="/newmotion/" method="post">
+ {{ csrfField }}
<div class="ui form{{ if .Form.Errors }} error{{ end }}">
<div class="three fields">
<div class="field">
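Review bot: `{{ csrfField }}` on the added line is a bare function call rather than a field of the template data, so it only renders if a function of that name is registered for the template set, and that registration is not visible here (the diffstat is limited to 'boardvoting'). Two things are worth confirming on the Go side: the function has to return `template.HTML`, otherwise html/template escapes the `<input>` markup and no token is submitted, and it has to be bound to the current request so the token is tied to that user's session rather than shared. The same applies to the identical additions in direct_vote_form.html, proxy_vote_form.html and withdraw_motion_form.html. A short template comment above the call, for example `{{/* hidden anti-CSRF token; required in every POST form */}}`, would help whoever adds the next form. The form body continues outside this hunk.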
diff --git a/boardvoting/templates/direct_vote_form.html b/boardvoting/templates/direct_vote_form.html
index 649c059..66e21a9 100644
--- a/boardvoting/templates/direct_vote_form.html
+++ b/boardvoting/templates/direct_vote_form.html
@@ -9,19 +9,23 @@
{{ with .Decision }}
<div class="column">
<div class="ui raised segment">
- {{ template "motion_fragment" . }}
+ {{ template "motion_fragment" . }}
</div>
</div>
{{ end }}
<form action="/vote/{{ .Decision.Tag }}/{{ .VoteChoice }}" method="post">
+{{ csrfField }}
<div class="ui form">
- {{ if eq 1 .VoteChoice }}
- <button class="ui right labeled green icon button" type="submit"><i class="check circle icon"></i> Vote {{ .VoteChoice }}</button>
- {{ else if eq -1 .VoteChoice }}
- <button class="ui right labeled red icon button" type="submit"><i class="minus circle icon"></i> Vote {{ .VoteChoice }}</button>
- {{ else }}
- <button class="ui right labeled grey icon button" type="submit"><i class="circle icon"></i> Vote {{ .VoteChoice }}</button>
- {{ end }}
+ {{ if eq 1 .VoteChoice }}
+ <button class="ui right labeled green icon button" type="submit"><i class="check circle icon"></i>
+ Vote {{ .VoteChoice }}</button>
+ {{ else if eq -1 .VoteChoice }}
+ <button class="ui right labeled red icon button" type="submit"><i class="minus circle icon"></i>
+ Vote {{ .VoteChoice }}</button>
+ {{ else }}
+ <button class="ui right labeled grey icon button" type="submit"><i class="circle icon"></i>
+ Vote {{ .VoteChoice }}</button>
+ {{ end }}
</div>
</form>
{{ template "footer.html" . }} \ No newline at end of file
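Review bot: The token added to this form does not protect against the page being framed by another site, and this form is a single submit button whose action URL already carries the motion tag and the vote choice. Whether the server sends anti-framing headers cannot be seen from the templates; if it does not, responses should carry `Content-Security-Policy: frame-ancestors 'none'` (with `X-Frame-Options: DENY` for older browsers). withdraw_motion_form.html has the same one-button shape. Separately, the re-indentation of the `{{ if eq 1 .VoteChoice }}` block surrounds the one functional line with whitespace-only changes, which makes the security change harder to audit; a separate formatting commit would be cleaner.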
diff --git a/boardvoting/templates/proxy_vote_form.html b/boardvoting/templates/proxy_vote_form.html
index 3a344c3..97ae86b 100644
--- a/boardvoting/templates/proxy_vote_form.html
+++ b/boardvoting/templates/proxy_vote_form.html
@@ -10,20 +10,21 @@
</div>
<div class="column">
<div class="ui raised segment">
- {{ with .Decision }}
+ {{ with .Decision }}
{{ template "motion_fragment" . }}
{{ end }}
<form action="/proxy/{{ .Decision.Tag }}" method="post">
+ {{ csrfField }}
<div class="ui form{{ if .Form.Errors }} error{{ end }}">
<div class="two fields">
<div class="required field{{ if .Form.Errors.Voter }} error{{ end }}">
<label for="Voter">Voter</label>
<select name="Voter">
- {{ range .Voters }}
+ {{ range .Voters }}
<option value="{{ .Id }}"
- {{ if eq (.Id | print) $form.Voter }}
+ {{ if eq (.Id | print) $form.Voter }}
selected{{ end }}>{{ .Name }}</option>
- {{ end }}
+ {{ end }}
</select>
</div>
<div class="required field{{ if .Form.Errors.Vote }} error{{ end }}">
@@ -39,14 +40,15 @@
<label for="Justification">Justification</label>
<textarea name="Justification" rows="2">{{ .Form.Justification }}</textarea>
</div>
- {{ with .Form.Errors }}
+ {{ with .Form.Errors }}
<div class="ui error message">
- {{ with .Voter }}<p>{{ . }}</p>{{ end }}
- {{ with .Vote }}<p>{{ . }}</p>{{ end }}
- {{ with .Justification }}<p>{{ . }}</p>{{ end }}
+ {{ with .Voter }}<p>{{ . }}</p>{{ end }}
+ {{ with .Vote }}<p>{{ . }}</p>{{ end }}
+ {{ with .Justification }}<p>{{ . }}</p>{{ end }}
</div>
- {{ end }}
- <button class="ui primary left labeled icon button" type="submit"><i class="users icon"></i> Proxy Vote</button>
+ {{ end }}
+ <button class="ui primary left labeled icon button" type="submit"><i class="users icon"></i> Proxy Vote
+ </button>
</div>
</form>
</div>
diff --git a/boardvoting/templates/withdraw_motion_form.html b/boardvoting/templates/withdraw_motion_form.html
index 87ebb57..7b444e7 100644
--- a/boardvoting/templates/withdraw_motion_form.html
+++ b/boardvoting/templates/withdraw_motion_form.html
@@ -9,11 +9,12 @@
{{ with .Decision }}
<div class="column">
<div class="ui raised segment">
- {{ template "motion_fragment" . }}
+ {{ template "motion_fragment" . }}
</div>
</div>
{{ end }}
<form action="/motions/{{ .Decision.Tag }}/withdraw" method="post">
+{{ csrfField }}
<div class="ui form">
<button class="ui primary left labeled icon button" type="submit"><i class="trash icon"></i> Withdraw</button>
</div>