On Thu, 12 Mar 2009, Toshio Kuratomi wrote:
> Found a template in fas that is not adding the csrf token properly.
>
> The Add User button on:
> https://admin.fedoraproject.org/accounts/group/view/
>
> This is just an annoyance (one particular link leading people to the
> CSRF login page instead of directly to the action they requested) but
> the fix is easy and non-intrusive.
>
> Patch is:
>
> @@ -77,7 +77,8 @@
> <py:if test="can_sponsor">
> <dt>${_('Add User:')}</dt>
> <dd>
> - <form action="${tg.url('/group/application_screen/%s' %
> group.name)}">
> + <form action="${tg.url('/group/application_screen/%s' %
> group.name)}"
> + method="post">
> <input type='text' size='15' name='targetname'/>
> <input type="submit" value="${('Add')}" />
>
+1
-Mike
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
