FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Infrastructure

 
 
LinkBack Thread Tools
 
Old 03-12-2009, 02:50 PM
Ricky Zhou
 
Default Change request -- fas template csrf fix

On 2009-03-12 08:05:45 AM, Toshio Kuratomi wrote:
> Patch is:
>
> @@ -77,7 +77,8 @@
> <py:if test="can_sponsor">
> <dt>${_('Add User:')}</dt>
> <dd>
> - <form action="${tg.url('/group/application_screen/%s' %
> group.name)}">
> + <form action="${tg.url('/group/application_screen/%s' %
> group.name)}"
> + method="post">
> <input type='text' size='15' name='targetname'/>
> <input type="submit" value="${('Add')}" />
+1

Thanks,
Ricky
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 03-12-2009, 02:51 PM
Mike McGrath
 
Default Change request -- fas template csrf fix

On Thu, 12 Mar 2009, Toshio Kuratomi wrote:

> Found a template in fas that is not adding the csrf token properly.
>
> The Add User button on:
> https://admin.fedoraproject.org/accounts/group/view/
>
> This is just an annoyance (one particular link leading people to the
> CSRF login page instead of directly to the action they requested) but
> the fix is easy and non-intrusive.
>
> Patch is:
>
> @@ -77,7 +77,8 @@
> <py:if test="can_sponsor">
> <dt>${_('Add User:')}</dt>
> <dd>
> - <form action="${tg.url('/group/application_screen/%s' %
> group.name)}">
> + <form action="${tg.url('/group/application_screen/%s' %
> group.name)}"
> + method="post">
> <input type='text' size='15' name='targetname'/>
> <input type="submit" value="${('Add')}" />
>

+1

-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 06:59 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org