add csrf token to forms #2

2022-11-10 21:54:48 +01:00 · 2022-11-10 21:54:48 +01:00 · d45d5c4284
commit d45d5c4284
parent 891fe36a83
2 changed files with 3 additions and 0 deletions
--- a/app.py
+++ b/app.py
@ -189,6 +189,8 @@ class Page(BaseModel):
    @property
    def prop(self):
        return PagePropertyDict(self)
+    def is_editable(self):
+        return not self.is_locked
            

 class PageText(BaseModel):
--- a/templates/edit.html
+++ b/templates/edit.html
@ -32,6 +32,7 @@
 {% endif %}

 <form method="POST">
+  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
  <div>
    <label for="title"><span class="material-icons">link</span> /</label>
    <input type="text" name="url" class="url-input" placeholder="(No URL)" maxlength="64" value="{{ pl_url or '' }}">