diff options
| author | slene <vslene@gmail.com> | 2014-03-23 01:44:02 +0800 |
|---|---|---|
| committer | slene <vslene@gmail.com> | 2014-03-23 01:44:02 +0800 |
| commit | 076fc98d981aea3533eea363ca1c7e43f77b9802 (patch) | |
| tree | 596d754de0d53a7e0794dcd61122ddb85298a0e1 /templates/admin | |
| parent | 01e781dedb3c6d48349516de0eee5cea41c077e1 (diff) | |
| download | gitea-076fc98d981aea3533eea363ca1c7e43f77b9802.tar.gz gitea-076fc98d981aea3533eea363ca1c7e43f77b9802.zip | |
add csrf check
Diffstat (limited to 'templates/admin')
| -rw-r--r-- | templates/admin/users/edit.tmpl | 1 | ||||
| -rw-r--r-- | templates/admin/users/new.tmpl | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/templates/admin/users/edit.tmpl b/templates/admin/users/edit.tmpl index 2a9882423a..08f11fcb12 100644 --- a/templates/admin/users/edit.tmpl +++ b/templates/admin/users/edit.tmpl @@ -12,6 +12,7 @@ <br/> <form action="/admin/users/{{.User.Id}}" method="post" class="form-horizontal"> {{if .IsSuccess}}<p class="alert alert-success">Account profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}} + {{.CsrfTokenHtml}} <input type="hidden" value="{{.User.Id}}" name="userId"/> <div class="form-group"> <label class="col-md-3 control-label">Username: </label> diff --git a/templates/admin/users/new.tmpl b/templates/admin/users/new.tmpl index 01d976caa0..7b41ae43a7 100644 --- a/templates/admin/users/new.tmpl +++ b/templates/admin/users/new.tmpl @@ -11,6 +11,7 @@ <div class="panel-body"> <br/> <form action="/admin/users/new" method="post" class="form-horizontal"> + {{.CsrfTokenHtml}} <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div> <div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}"> <label class="col-md-3 control-label">Username: </label> |