Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2026-01-06 17:28:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix #1450 by adding CSRF-token to the mobile forms

Browse source
This commit is contained in:
Reinier Balt 2014-01-02 16:45:37 +01:00
parent 468274c5d1
commit 77778da0f8
1 changed files with 20 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

34
app/views/todos/show.m.erb
View file

@ -4,36 +4,42 @@
<h2><Actions><%= t('common.actions') %></h2>
<form method="get" action="<%= edit_todo_path(@todo, :format => :m)%>">
<button><%=t('todos.edit_action')%></button>
<input type="hidden" name="_method" value="put" />
<button><%=t('todos.edit_action')%></button>
<input type="hidden" name="_method" value="put" />
</form>
<form method="post" action="<%=toggle_star_todo_path(@todo, :format=>:m)%>">
<button><%=t('todos.star_action')%></button>
<input type="hidden" name="_method" value="put" />
<button><%=t('todos.star_action')%></button>
<input type="hidden" name="_method" value="put" />
<%= token_tag %>
</form>
<form method="post" action="<%=toggle_check_todo_path(@todo, :format=>:m)%>">
<button><%= t('todos.mark_complete')%></button>
<input type="hidden" name="_method" value="put" />
<button><%= t('todos.mark_complete')%></button>
<input type="hidden" name="_method" value="put" />
<%= token_tag %>
</form>
<form method="post" action="<%=defer_todo_path(@todo, :format=>:m, :days => 1)%>">
<button><%=t('todos.defer_x_days', :count => 1)%></button>
<input type="hidden" name="_method" value="put" />
<button><%=t('todos.defer_x_days', :count => 1)%></button>
<input type="hidden" name="_method" value="put" />
<%= token_tag %>
</form>
<form method="post" action="<%=defer_todo_path(@todo, :format=>:m, :days => 2)%>">
<button><%=t('todos.defer_x_days', :count => 2)%></button>
<input type="hidden" name="_method" value="put" />
<button><%=t('todos.defer_x_days', :count => 2)%></button>
<input type="hidden" name="_method" value="put" />
<%= token_tag %>
</form>
<form method="post" action="<%=defer_todo_path(@todo, :format=>:m, :days => 3)%>">
<button><%=t('todos.defer_x_days', :count => 3)%></button>
<input type="hidden" name="_method" value="put" />
<button><%=t('todos.defer_x_days', :count => 3)%></button>
<input type="hidden" name="_method" value="put" />
<%= token_tag %>
</form>
<form method="post" action="<%=defer_todo_path(@todo, :format=>:m, :days => 7)%>">
<button><%=t('todos.defer_x_days', :count => 7)%></button>
<input type="hidden" name="_method" value="put" />
<button><%=t('todos.defer_x_days', :count => 7)%></button>
<input type="hidden" name="_method" value="put" />
<%= token_tag %>
</form>