authorAdrien Dorsaz <adrien@adorsaz.ch>2013-08-08 08:03:30 +0200
committerAdrien Dorsaz <adrien@adorsaz.ch>2013-08-08 08:03:30 +0200
commit1872b814dbfd935182d3e0b8166fbb67053d85ee (patch)
tree136803022f28f93868ed4e8ca408d0e95985e0f9 /papillon
parent18b57522b7dcfe210b627bbc665c000cba53b1ae (diff)
Use Django to protect forms (except the create form, because of other work not yet committed)
Diffstat (limited to 'papillon')
-rw-r--r--papillon/templates/edit.html1
-rw-r--r--papillon/templates/editChoices.html1
-rw-r--r--papillon/templates/editChoicesAdmin.html1
-rw-r--r--papillon/templates/vote.html1
4 files changed, 4 insertions, 0 deletions
diff --git a/papillon/templates/edit.html b/papillon/templates/edit.html
index 647700d..19d621d 100644
--- a/papillon/templates/edit.html
+++ b/papillon/templates/edit.html
@@ -12,6 +12,7 @@
{% block content %}
<h2>{% trans "Edit poll" %}</h2>
<form action="." method="post">
+ {% csrf_token %}
<table class='new_poll'>
<tr>
<td><label>{% trans "Poll url" %}</label></td>
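Review bot: The `{% csrf_token %}` added after `<form action="." method="post">` only protects the form if the view renders this template with a context that carries the token and the CSRF check is actually enforced; neither is visible in this commit. Django's tag renders nothing when the token is missing from the context, so it is worth confirming that the views behind edit.html, editChoices.html, editChoicesAdmin.html and vote.html use `RequestContext` (or an equivalent) and that `CsrfViewMiddleware` or `csrf_protect` is active. The commit message leaves the create form out, so that POST endpoint presumably stays either unprotected or rejected until the follow-up lands. The form body continues past the end of this hunk.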
diff --git a/papillon/templates/editChoices.html b/papillon/templates/editChoices.html
index 7e059a8..293f567 100644
--- a/papillon/templates/editChoices.html
+++ b/papillon/templates/editChoices.html
@@ -4,6 +4,7 @@
<h2>{% trans "New choice" %}</h2>
{%if form_new_choice.errors %} <p class='error'>{{form_new_choice.errors}}</p>{%endif%}
<form action="." method="post">
+ {% csrf_token %}
{{form_new_choice.poll}}
{{form_new_choice.order}}
<table class='new_poll'>
diff --git a/papillon/templates/editChoicesAdmin.html b/papillon/templates/editChoicesAdmin.html
index d296a16..78d3be5 100644
--- a/papillon/templates/editChoicesAdmin.html
+++ b/papillon/templates/editChoicesAdmin.html
@@ -28,6 +28,7 @@
</tr>
{% for choice in choices %}
<form action="." method="post">
+ {% csrf_token %}
{{choice.form.poll}}{{choice.form.order}}<tr>
{%if not poll.dated_choices%}<td><a href='?up_choice={{choice.id}}' class='arrow'>+</a>
/ <a href='?down_choice={{choice.id}}' class='arrow'>-</a></td>{%endif%}
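Review bot: The `?up_choice={{choice.id}}` and `?down_choice={{choice.id}}` links inside this form are plain GET requests, so the token added above them does not cover them. If those query parameters reorder choices on the server, as their names suggest, that state change stays reachable from a cross-site request. Consider turning them into POST submissions, e.g. `<button type="submit" name="up_choice" value="{{choice.id}}">+</button>`, and handling them in the POST branch of the view. The `{% for %}` loop and the form both continue outside the hunk.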
diff --git a/papillon/templates/vote.html b/papillon/templates/vote.html
index 204f553..8861e6c 100644
--- a/papillon/templates/vote.html
+++ b/papillon/templates/vote.html
@@ -15,6 +15,7 @@
{% if not poll.open %}<p class='alert'>{% trans "The current poll is closed."%}</p>{% endif %}
<p>{{ poll.description|safe }}</p>
<form method='post' action='.'>
+ {% csrf_token %}
<div id='poll_table'>
<table id='poll'>
<tr>
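Review bot: The context line `<p>{{ poll.description|safe }}</p>` directly above the protected form disables autoescaping for the poll description. If that field holds user-supplied text that is not sanitised before storage (not visible here), markup injected through it runs in the page's origin and can read the token this hunk adds, which would undo the CSRF protection. Dropping `|safe`, or sanitising the description against an allow-list of tags when it is saved, would close that gap; `{{ poll.description|linebreaks }}` keeps paragraph formatting while escaping. The form continues outside the hunk.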