Merge pull request #493 from ikedas/racke/pr/csrftoken

Additional changes for #492

Merge pull request #493 from ikedas/racke/pr/csrftoken
Additional changes for #492
fb2652d0 · Stefan Hornburg (Racke) · GitHub · a47ff9e7 · b30815ce · fb2652d0
Unverified Commit fb2652d0 authored Dec 07, 2018 by Stefan Hornburg (Racke) Committed by GitHub Dec 07, 2018
--- a/default/web_tt2/admin.tt2
+++ b/default/web_tt2/admin.tt2
@@ -29,7 +29,6 @@
 [% IF is_privileged_owner %]        
  [% IF list_conf.status == 'closed' ~%]
    <form name="manage_list_status" action="[% path_cgi %]" method="post">
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <div>
    <input class="MainMenuLinks" type="submit" name="action_open_list"
      value="[%|loc%]Restore List[%END%]" />
@@ -45,7 +44,6 @@
    </a></p>
  [%~ ELSE ~%]
    <form name="manage_list_status" action="[% path_cgi %]" method="post">
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <div>
    <input class="MainMenuLinks" type="submit" name="action_close_list"
      value="[%|loc%]Remove List[%END%]" />
@@ -57,7 +55,6 @@
  [% IF may_create_list && ! is_included ~%]
    <form name="manage_list_name" action="[% path_cgi %]" method="post">
    <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <input class="MainMenuLinks" type="submit" name="action_rename_list_request" value="[%|loc%]Rename List[%END%]"/> [%|loc%]Allows you to change this list's name. Everything related to the list will be renamed, including the mail aliases and the web archives.[%END%]
    <input type="hidden" name="list" value="[% list %]"/>
    </fieldset>
@@ -67,7 +64,6 @@

 [% IF is_listmaster || is_owner %]
 <form name="manage_shared_status" action="[% path_cgi %]" method="post">
-<input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 <div>
 [% IF shared == 'none' %]
  <input class="MainMenuLinks" type="submit" name="action_d_admin" value="[%|loc%]Create Shared[%END%]"/> [%|loc%]Initializes the shared document web space.[%END%]

--- a/default/web_tt2/arc_manage.tt2
+++ b/default/web_tt2/arc_manage.tt2
@@ -14,7 +14,6 @@
 </p>

 <form class="noborder" name="zip_form" method="post" action="[% path_cgi %]">
-<input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 <div>
  <label for="directories">[%|loc%]Archive Selection:[%END%]</label><br />
  <select name="directories" id="directories" multiple="multiple" size="4">    

--- a/default/web_tt2/arcsearch.tt2
+++ b/default/web_tt2/arcsearch.tt2
@@ -95,7 +95,6 @@

 <form method="post" action="[% path_cgi %]" class="noborder">
 <fieldset>
-<input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 <input type="hidden" name="list" value="[% list %]" />
 <input type="hidden" name="archive_name" value="[% archive_name %]" />
 <input type="hidden" name="key_word" value="[% key_word %]" />

--- a/default/web_tt2/arcsearch_form.tt2
+++ b/default/web_tt2/arcsearch_form.tt2
@@ -11,7 +11,6 @@

 <form id="bold_label" method="post" action="[% path_cgi %]">
 <fieldset>
-<input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 <input name="list" type="hidden" value="[% list %]" />
 <input name="archive_name" type="hidden" value="[% archive_name %]" />


--- a/default/web_tt2/blacklist.tt2
+++ b/default/web_tt2/blacklist.tt2
@@ -25,7 +25,6 @@
 [% rows = rows+2 %]
 <form class="noborder" action="[% 'blacklist' | url_rel %]" method="post">
 <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <textarea name="blacklist" cols="80" rows="[% rows %]">
    [%~ blacklist ~%]
  </textarea><br />

--- a/default/web_tt2/choosepasswd.tt2
+++ b/default/web_tt2/choosepasswd.tt2
@@ -4,7 +4,6 @@
 You will need this password to perform privileged operations.[%END%]
 <br />
 <form action="[% path_cgi %]" method="post">
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 <fieldset>
 <input type="hidden" name="previous_action" value="[% previous_action %]" />
 <input type="hidden" name="previous_list" value="[% previous_list %]" />

--- a/default/web_tt2/compose_mail.tt2
+++ b/default/web_tt2/compose_mail.tt2
 <!-- compose_mail.tt2 -->
 <form class="noborder" action="[% path_cgi %]" method="post" name="compose_mail" enctype="multipart/form-data">
    <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    [%|loc(user.email)%]From: %1[%END%]<br />
    [% mailto = BLOCK ~%]
      [% to | mailto(to) | obfuscate(listconf.spam_protection) %]

--- a/default/web_tt2/confirm_action.tt2
+++ b/default/web_tt2/confirm_action.tt2
@@ -227,7 +227,6 @@
 [%~ END %]

 <form action="[% path_cgi %]" method="POST">
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 [% IF confirm_action == 'add' ~%]
  [% FOREACH e = email ~%]
    <input type="hidden" name="email" value="[% e %]" />

--- a/default/web_tt2/copy_template.tt2
+++ b/default/web_tt2/copy_template.tt2
@@ -4,7 +4,6 @@
 <p>
 <form id="cp_template" action="[% 'copy_template' | url_rel %]" method="post">
 <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <legend><strong> [%|loc%]Input template[%END%]</strong> </legend>
  <label>[%|loc%]Template name: [%END%]</label><strong> [% template_name %] </strong><br />
  <label>[%|loc%]Scope: [%END%]</label>[% SWITCH scope -%]

--- a/default/web_tt2/create_automatic_list_request.tt2
+++ b/default/web_tt2/create_automatic_list_request.tt2
@@ -4,7 +4,6 @@
 <p>[%|loc%]With this form, you can create and / or access lists created on the basis of parameters you define.[% END %]</p>
 <form action="[% path_cgi %]" method="post" class="add-request"
 name="create_automatic_list">
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 [% FOREACH p = family.description.class ~%]
  <h2>[% p.stamp %]</h2>
  <p> [% p.description %]</p>

--- a/default/web_tt2/create_list_request.tt2
+++ b/default/web_tt2/create_list_request.tt2
@@ -6,7 +6,6 @@

 <form action="[% path_cgi %]" method="post">
 <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <label for="listname">[%|loc%]List name:[%END%]</label><input type="text" id="listname" name="listname" size="30" value="[% saved.listname %]" />
  <label for="owner">[%|loc%]Owner:[%END%]</label> <span>[% user.email %]</span>    
  <label for="list_type">[%|loc%]List type:[%END%]</label>
@@ -82,7 +81,6 @@

  <form action="[% path_cgi %]" method="post">
  <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <select name="list">
  [% FOREACH l = all_lists %]
     <option value="[% l.name %]">[% l.name %]</option>

--- a/default/web_tt2/d_control.tt2
+++ b/default/web_tt2/d_control.tt2
@@ -80,7 +80,6 @@

  <form action="[% path_cgi %]" method="post">
  <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <label for="read_access">[%|loc%]Read access[%END%]</label>
  <select id="read_access" name="read_access">
  [% FOREACH s = scenari_read %]
@@ -104,7 +103,6 @@
   [% IF set_owner %]
     <form action="[% path_cgi %]" method="post">
     <fieldset>
-     <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
     <label for="content">[%|loc(shared_doc.name)%]Set the owner of the directory %1[%END%]</label>
     <input type="hidden" name="list" value="[% list %]" />
     <input type="hidden" name="path" value="[% shared_doc.paths.join("/") %]" />

--- a/default/web_tt2/d_editfile.tt2
+++ b/default/web_tt2/d_editfile.tt2
@@ -74,7 +74,6 @@
  [% IF shared_doc.type == 'url' ~%]
  <form method="post" action="[% path_cgi %]">
  <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <label for="url">[%|loc%]Bookmark URL[%END%]</label>
    <input id="url" name="url" value="[% shared_doc.url %]" />
    <input class="MainMenuLinks" type="submit" value="[%|loc%]Update[%END%]"
@@ -83,7 +82,6 @@
  [%~ ELSE ~%]
  <form method="post" action="[% path_cgi %]" enctype="multipart/form-data">
  <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <label for="uploaded_file">
    [%|loc(shared_doc.name)%]Replace the file %1 with your file[%END%] </label>
    <input id="uploaded_file" type="file" name="uploaded_file" />
@@ -104,7 +102,6 @@
 [% IF textfile %]
  <form action="[% path_cgi %]" method="POST">
  <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <label for="content">[%|loc(shared_doc.name)%]Edit the file %1[%END%]</label>
  <textarea id="content" name="content" cols="90" rows="25">
    [%~ shared_doc.content ~%]

--- a/default/web_tt2/d_install_shared.tt2
+++ b/default/web_tt2/d_install_shared.tt2
@@ -8,7 +8,6 @@

 <form action="[% path_cgi %]" method="post">
  <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <input id="mode_confirm" class="MainMenuLinks" type="submit" name="mode_confirm" value="[%|loc%]Confirm[%END%]" /></td>
    <input id="mode_cancel" class="MainMenuLinks" type="submit" name="mode_cancel" value="[%|loc%]Cancel[%END%]" /></td>
   <input type="hidden" name="list" value="[% list %]" />

--- a/default/web_tt2/d_properties.tt2
+++ b/default/web_tt2/d_properties.tt2
@@ -86,7 +86,6 @@

  <form action="[% path_cgi %]" method="post">
  <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <label for="content">
  [% IF shared_doc.type == 'directory' %]
  [%|loc(shared_doc.name)%]Describe directory '%1'[%END%]
@@ -106,7 +105,6 @@

  <form action="[% path_cgi %]" method="post">
  <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <label for="new_name">
  [% IF shared_doc.type == 'directory' %]
  [%|loc(shared_doc.name)%]Rename directory %1[%END%]

--- a/default/web_tt2/d_read.tt2
+++ b/default/web_tt2/d_read.tt2
@@ -295,7 +295,6 @@

    <form method="post" action="[% path_cgi %]">
    <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <h6>
    [% IF shared_doc.paths.size ~%]
      [%|loc(shared_doc.name)%]Create a new folder inside folder %1[%END%]
@@ -316,7 +315,6 @@

    <form method="post" action="[% path_cgi %]">
    <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <h6> [%|loc%]Create a new file[%END%]</h6>
    <label for="name_file">[%|loc%]File name[%END%]</label> <input id="name_file" maxlength="30" type="text" name="new_name" />
    <input class="MainMenuLinks" type="submit" value="[%|loc%]Create[%END%]" name="action_d_create_child" />
@@ -330,7 +328,6 @@

    <form method="post" action="[% path_cgi %]">
    <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <h6>[%|loc%]Add a bookmark[%END%]</h6>
    <label for="name_title">[%|loc%]title[%END%]</label>
      <input id="name_title" maxlength="100" size="25" type="text"
@@ -348,7 +345,6 @@

   <form method="post" action="[% path_cgi %]" enctype="multipart/form-data" >
   <fieldset>
-   <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
   <h6>
   [% IF shared_doc.paths.size %]
     [%|loc(shared_doc.name)%]Upload a file inside folder %1[%END%]
@@ -367,7 +363,6 @@
    [% IF total_edit ~%]
    <form method="post" action="[% path_cgi %]" enctype="multipart/form-data" >
    <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <h6>
    [% IF shared_doc.paths.size ~%]
      [%|loc(shared_doc.name)%]Unzip a file inside the folder %1[%END%]

--- a/default/web_tt2/d_upload.tt2
+++ b/default/web_tt2/d_upload.tt2
@@ -11,7 +11,6 @@

 <form action="[% path_cgi %]" method="post">
 <fieldset>
-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <label for="mode_delete">[%|loc(shortname)%]Do you want to delete the old file %1?[%END%]</label>
    <input id="mode_delete" class="MainMenuLinks" type="submit" name="mode_delete" value="[%|loc%]Delete[%END%]" />
  <label for="new_name">[%|loc(shortname)%]Do you want to rename your file %1?[%END%]</label>

--- a/default/web_tt2/docindex.tt2
+++ b/default/web_tt2/docindex.tt2
@@ -4,7 +4,6 @@
 <form class="noborder toggleContainer" data-toggle-selector="input[name='id']"
  action="[% path_cgi %]" method="POST" name="moderate_shared">
  <fieldset>
-    <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
    <input type="hidden" name="list" value="[% list %]" />
    <input class="MainMenuLinks" type="submit" name="action_d_install_shared" value="[%|loc%]Install[%END%]" />
    <input class="MainMenuLinks" type="submit" name="action_d_reject_shared.quiet" value="[%|loc%]Reject[%END%]" />

--- a/default/web_tt2/dump_scenario.tt2
+++ b/default/web_tt2/dump_scenario.tt2
@@ -20,7 +20,6 @@

 <form action="[% path_cgi %]" method="post">
 <fieldset>
-<input type="hidden" name="csrftoken" value="[% csrftoken %]" />
 <textarea cols="80" rows="10" name="new_scenario_content">[% dumped_scenario %]</textarea><br />
 <input type="hidden" name="list" value="[% list %]" />
 <input type="hidden" name="pname" value="[% pname %]" />

--- a/default/web_tt2/edit.tt2
+++ b/default/web_tt2/edit.tt2
@@ -17,7 +17,6 @@
 <form action="[% path_cgi %]" method="post">
 <fieldset>

-  <input type="hidden" name="csrftoken" value="[% csrftoken %]" />
  <input type="hidden" name="previous_action" value="[% previous_action %]" />
  <input type="hidden" name="list" value="[% list %]" />
  <input type="hidden" name="role" value="[% pS.name %]" />