extern/django-helpdesk
1
0
Fork 1
mirror of https://github.com/django-helpdesk/django-helpdesk.git synced 2025-06-01 23:45:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

use csrf tokens in all forms

Browse Source
This commit is contained in:
Garret Wassermann 2021-10-04 23:13:38 -04:00
parent 02bdaea76a
commit a5f801bb52
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
helpdesk/templates/helpdesk/ticket_desc_table.html
View File

@ -15,7 +15,18 @@
<span class='ticket_toolbar float-right'> <span class='ticket_toolbar float-right'>
<a href="{% url 'helpdesk:edit' ticket.id %}" class="ticket-edit"><button class="btn btn-warning btn-sm"><i class="fas fa-pencil-alt"></i> {% trans "Edit" %}</button></a> <a href="{% url 'helpdesk:edit' ticket.id %}" class="ticket-edit"><button class="btn btn-warning btn-sm"><i class="fas fa-pencil-alt"></i> {% trans "Edit" %}</button></a>
| <a href="{% url 'helpdesk:delete' ticket.id %}" class="ticket-delete"><button class="btn btn-danger btn-sm"><i class="fas fa-trash-alt"></i> {% trans "Delete" %}</button></a> | <a href="{% url 'helpdesk:delete' ticket.id %}" class="ticket-delete"><button class="btn btn-danger btn-sm"><i class="fas fa-trash-alt"></i> {% trans "Delete" %}</button></a>
{% if ticket.on_hold %} | <a href="{% url 'helpdesk:unhold' ticket.id %}" class="ticket-hold"><button class="btn btn-warning btn-sm"><i class="fas fa-play"></i> {% trans "Unhold" %}</button></a>{% else %} | <a href="{% url 'helpdesk:hold' ticket.id %}" class="ticket-hold"><button class="btn btn-warning btn-sm"><i class="fas fa-pause"></i> {% trans "Hold" %}</button></a>{% endif %} |
{% if ticket.on_hold %}
<form class="form-inline ticket-hold" method='post' action='unhold/'>
{% csrf_token %}
<button class="btn btn-warning btn-sm" type='submit'><i class="fas fa-play"></i> {% trans "Unhold" %}</button>
</form>
{% else %}
<form class="form-inline ticket-hold" method='post' action='hold/'>
{% csrf_token %}
<button class="btn btn-warning btn-sm" type='submit'><i class="fas fa-pause"></i> {% trans "Hold" %}</button>
</form>
{% endif %}
</span></th></tr> </span></th></tr>
</thead> </thead>
<tbody> <tbody>

2
helpdesk/views/staff.py
View File

@ -1277,6 +1277,7 @@ raw_details = staff_member_required(raw_details)
@helpdesk_staff_member_required @helpdesk_staff_member_required
@requires_csrf_token
def hold_ticket(request, ticket_id, unhold=False): def hold_ticket(request, ticket_id, unhold=False):
ticket = get_object_or_404(Ticket, id=ticket_id) ticket = get_object_or_404(Ticket, id=ticket_id)
ticket_perm_check(request, ticket) ticket_perm_check(request, ticket)
@ -1306,6 +1307,7 @@ hold_ticket = staff_member_required(hold_ticket)
@helpdesk_staff_member_required @helpdesk_staff_member_required
@requires_csrf_token
def unhold_ticket(request, ticket_id): def unhold_ticket(request, ticket_id):
return hold_ticket(request, ticket_id, unhold=True) return hold_ticket(request, ticket_id, unhold=True)