Fix (some) CSRFs
parent
f60e45df08
commit
ce179f14d4
|
@ -63,7 +63,7 @@ def admin_ldap_sync():
|
|||
form.starving_to_remove.default = diff['starving_to_remove']
|
||||
|
||||
form.process(request.form)
|
||||
if request.method == "POST" and form.validate():
|
||||
if form.validate():
|
||||
changes = {'fatty': {}, 'starving': {}}
|
||||
changes['fatty']['add'] = form.fatty_to_add.data
|
||||
changes['fatty']['remove'] = form.fatty_to_remove.data
|
||||
|
@ -263,7 +263,7 @@ def sendspam():
|
|||
|
||||
form.process(request.form)
|
||||
|
||||
if request.method == 'POST' and form.validate():
|
||||
if form.validate():
|
||||
spam = []
|
||||
for member in members:
|
||||
if member.id not in form.members.data:
|
||||
|
@ -281,7 +281,7 @@ def sendspam():
|
|||
continue
|
||||
|
||||
msg = MIMEText(content, "plain", "utf-8")
|
||||
msg["From"] = "Faszysta Hackerspace'owy <fascist@hackerspace.pl>"
|
||||
msg["From"] = "Kasownik Hackerspace'owy <kasownik@hackerspace.pl>"
|
||||
msg["Subject"] = "Stan składek na dzień %s" % now.strftime("%d/%m/%Y")
|
||||
msg["To"] = member.get_contact_email()
|
||||
spam.append(msg)
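Review bot: In admin_ldap_sync, and again in sendspam, the state-changing branch is now gated on `if form.validate():` alone (reading the second line of each printed pair as the new side), so the view no longer restricts the action to a submitted POST. With a Flask-WTF form a GET is normally rejected only because the token is missing, and that stops holding if CSRF checking is disabled in configuration or the form is not a FlaskForm. I would write `if form.validate_on_submit():`, which keeps the method check and the token check together. The form class used by sendspam is not among those converted in the hunks shown on this page, so confirm that it also derives from FlaskForm. Both function bodies continue outside their hunks.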
|
||||
|
|
|
@ -29,16 +29,16 @@ class MultiCheckboxField(SelectMultipleField):
|
|||
widget = widgets.ListWidget(prefix_label=False)
|
||||
option_widget = widgets.CheckboxInput()
|
||||
|
||||
class LoginForm(Form):
|
||||
class LoginForm(FlaskForm):
|
||||
username = TextField('Username', [validators.Required()])
|
||||
password = PasswordField('Password', [validators.Required()])
|
||||
|
||||
class ContactEmailSettingsForm(Form):
|
||||
class ContactEmailSettingsForm(FlaskForm):
|
||||
local = BooleanField("")
|
||||
ldap = BooleanField("")
|
||||
custom = TextField("Custom address:")
|
||||
|
||||
class LDAPSyncForm(Form):
|
||||
class LDAPSyncForm(FlaskForm):
|
||||
fatty_to_add = MultiCheckboxField("Fatty to add", choices=[])
|
||||
fatty_to_remove = MultiCheckboxField("Fatty to remove", choices=[])
|
||||
starving_to_add = MultiCheckboxField("Starving to add", choices=[])
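Review bot: ContactEmailSettingsForm becomes a FlaskForm here, but no template change for it appears on this page, unlike the login and LDAP sync templates. If its template does not already render `{{ form.hidden_tag() }}`, every submission of that form will fail validation. The hunk starts at line 29, so the import that brings `FlaskForm` into scope is not visible and should be confirmed. A short comment on the first converted class, such as `# FlaskForm: validate() also checks the CSRF token`, would tell the next reader why the base class matters. LDAPSyncForm's body continues past the hunk.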
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
<h2>No sync required - groups are up to date.</h2>
|
||||
{% else %}
|
||||
<form method="post" action="/admin/ldapsync">
|
||||
{{ form.hidden_tag() }}
|
||||
<div class="col-md-12">
|
||||
<input type="submit" value="Sync" />
|
||||
</div>
|
||||
|
|
|
@ -2,12 +2,13 @@
|
|||
{% block title %}Sign in{% endblock %}
|
||||
{% block content %}
|
||||
<div class="container">
|
||||
<form class="form-signin" method="post" action="/login">
|
||||
<label for="inputEmail" class="sr-only">Username</label>
|
||||
<input type="text" id="username" class="form-control" name="username" placeholder="Username" required autofocus>
|
||||
<label for="inputPassword" class="sr-only">Password</label>
|
||||
<input type="password" id="password" class="form-control" name="password" placeholder="Password" required>
|
||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
|
||||
<form class="form-signin" method="post" action="/login">
|
||||
{{ form.hidden_tag() }}
|
||||
<label for="inputEmail" class="sr-only">Username</label>
|
||||
<input type="text" id="username" class="form-control" name="username" placeholder="Username" required autofocus>
|
||||
<label for="inputPassword" class="sr-only">Password</label>
|
||||
<input type="password" id="password" class="form-control" name="password" placeholder="Password" required>
|
||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
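Review bot: The added `{{ form.hidden_tag() }}` in the sign-in form protects /login only if the login view passes a LoginForm to this template and rejects the request when `form.validate_on_submit()` is false. No change to the login view is visible on this page, so that should be confirmed. If the view still reads `request.form` directly, the token is rendered but never checked, and if no `form` is passed the call on an undefined name will fail at render time. Separately, in the re-indented lines the labels use `for="inputEmail"` and `for="inputPassword"` while the inputs have `id="username"` and `id="password"`; `for="username"` and `for="password"` would bind them.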
|
||||
|
|