[myexperiment-hackers] [2765] branches/rails2/app/views: fixed issues with CSRF detection and tagging

[noreply]

Revision

2765

Author

dgc

Date

2011-10-25 18:16:30 -0400 (Tue, 25 Oct 2011)

Log Message

fixed issues with CSRF detection and tagging

Modified Paths

• branches/rails2/app/views/tags/_tags_box.rhtml
• branches/rails2/app/views/tags/_tags_form.rhtml
• branches/rails2/app/views/workflows/tag_suggestions.rhtml

Diff

Modified: branches/rails2/app/views/tags/_tags_box.rhtml (2764 => 2765)

--- branches/rails2/app/views/tags/_tags_box.rhtml	2011-10-25 18:05:24 UTC (rev 2764)
+++ branches/rails2/app/views/tags/_tags_box.rhtml	2011-10-25 22:16:30 UTC (rev 2765)
@@ -25,7 +25,7 @@
 						<div class="auto_complete" id="tags_auto_complete" ></div>
 						<%= auto_complete_field :tag_list,
 								:update => "tags_auto_complete",
-								:url ="" {:controller => 'tags', :action ="" 'auto_complete'},
+								:url ="" {:controller => 'tags', :action ="" 'auto_complete', :authenticity_token => form_authenticity_token},
 								:tokens => ',',
 								:indicator => "addtag_indicator" -%>
 					</p>

Modified: branches/rails2/app/views/tags/_tags_form.rhtml (2764 => 2765)

--- branches/rails2/app/views/tags/_tags_form.rhtml	2011-10-25 18:05:24 UTC (rev 2764)
+++ branches/rails2/app/views/tags/_tags_form.rhtml	2011-10-25 22:16:30 UTC (rev 2765)
@@ -48,7 +48,7 @@
 					<div class="auto_complete" id="tags_auto_complete" ></div>
 					<%= auto_complete_field "tags_input",
 										:update => "tags_auto_complete",
-										:url ="" {:controller => 'tags', :action ="" 'auto_complete'},
+										:url ="" {:controller => 'tags', :action ="" 'auto_complete', :authenticity_token => form_authenticity_token},
 										:tokens => ',',
 										:indicator => "tagautocomplete_indicator" -%>
 					<img id="tagautocomplete_indicator" style="margin-top: 0.2em; display: none;" src="" />&nbsp;

Modified: branches/rails2/app/views/workflows/tag_suggestions.rhtml (2764 => 2765)

--- branches/rails2/app/views/workflows/tag_suggestions.rhtml	2011-10-25 18:05:24 UTC (rev 2764)
+++ branches/rails2/app/views/workflows/tag_suggestions.rhtml	2011-10-25 22:16:30 UTC (rev 2765)
@@ -5,6 +5,8 @@
 
 <form action="" "/workflows/address@hidden/process_tag_suggestions" %>" method="post">
 
+  <%= hidden_field_tag :authenticity_token, form_authenticity_token -%>
+
   <% if @workflow.body.nil? || @workflow.body == "" %>
 
     <h2>Workflow description</h2>