qzwi/ldap-frontend
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

add CSRF validation

Browse source
This commit is contained in:
Franzi 2021-12-21 16:57:39 +01:00
parent ae5a18138b
commit e32089c81e
Signed by: kunsi
GPG key ID: 12E3D2136B818350
5 changed files with 21 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
ldap_frontend/templates/groups/members.html
View file

@ -16,6 +16,7 @@
<td>{{ member["cn"] }}</td>
<td>
<form action="{{ url_for("group_edit", ou=ou) }}" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<input type="hidden" name="remove" value="{{ member["uid"] }}">
<input type="submit" value="remove" class="btn btn-danger">
</form>
@ -25,6 +26,7 @@
</tbody>
</table>
<form action="{{ url_for("group_edit", ou=ou) }}" method="post" class="row g-3 needs-validation">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<fieldset>
<legend>add user to group</legend>

1
ldap_frontend/templates/login.html
View file

@ -1,6 +1,7 @@
{% extends "layout/default.html" %}
{% block content %}
<form action="{{ url_for("login") }}" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<fieldset>
<legend>Login</legend>

2
ldap_frontend/templates/selfservice.html
View file

@ -2,6 +2,7 @@
{% block title %}self service{% endblock %}
{% block content %}
<form action="{{ url_for("selfservice") }}" method="post" class="row g-3 needs-validation">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<fieldset>
<legend>user data</legend>
@ -47,6 +48,7 @@
</form>
<form action="{{ url_for("selfservice") }}" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<fieldset>
<legend>password</legend>