mirror of
https://gitea.mueller.network/extern/django-helpdesk.git
synced 2024-11-07 16:44:03 +01:00
use csrf tokens in all forms
parent
02bdaea76a
commit
a5f801bb52
@ -15,7 +15,18 @@
|
||||
<span class='ticket_toolbar float-right'>
|
||||
<a href="{% url 'helpdesk:edit' ticket.id %}" class="ticket-edit"><button class="btn btn-warning btn-sm"><i class="fas fa-pencil-alt"></i> {% trans "Edit" %}</button></a>
|
||||
| <a href="{% url 'helpdesk:delete' ticket.id %}" class="ticket-delete"><button class="btn btn-danger btn-sm"><i class="fas fa-trash-alt"></i> {% trans "Delete" %}</button></a>
|
||||
{% if ticket.on_hold %} | <a href="{% url 'helpdesk:unhold' ticket.id %}" class="ticket-hold"><button class="btn btn-warning btn-sm"><i class="fas fa-play"></i> {% trans "Unhold" %}</button></a>{% else %} | <a href="{% url 'helpdesk:hold' ticket.id %}" class="ticket-hold"><button class="btn btn-warning btn-sm"><i class="fas fa-pause"></i> {% trans "Hold" %}</button></a>{% endif %}
|
||||
|
|
||||
{% if ticket.on_hold %}
|
||||
<form class="form-inline ticket-hold" method='post' action='unhold/'>
|
||||
{% csrf_token %}
|
||||
<button class="btn btn-warning btn-sm" type='submit'><i class="fas fa-play"></i> {% trans "Unhold" %}</button>
|
||||
</form>
|
||||
{% else %}
|
||||
<form class="form-inline ticket-hold" method='post' action='hold/'>
|
||||
{% csrf_token %}
|
||||
<button class="btn btn-warning btn-sm" type='submit'><i class="fas fa-pause"></i> {% trans "Hold" %}</button>
|
||||
</form>
|
||||
{% endif %}
|
||||
</span></th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
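Review bot: The two new forms post to the relative paths `action='unhold/'` and `action='hold/'`, which resolve against whatever URL the page was served from, so they break if this template is rendered under a different path or without a trailing slash. The anchor line shown above them used `{% url 'helpdesk:unhold' ticket.id %}` and `{% url 'helpdesk:hold' ticket.id %}`; keeping those in `action` ties the forms to the named routes. The Delete control in the same toolbar is still a plain link, which is safe only if the delete view shows a confirmation form and changes nothing on GET; that view is not visible here.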
@ -1277,6 +1277,7 @@ raw_details = staff_member_required(raw_details)
|
||||
|
||||
|
||||
@helpdesk_staff_member_required
|
||||
@requires_csrf_token
|
||||
def hold_ticket(request, ticket_id, unhold=False):
|
||||
ticket = get_object_or_404(Ticket, id=ticket_id)
|
||||
ticket_perm_check(request, ticket)
|
||||
@ -1306,6 +1307,7 @@ hold_ticket = staff_member_required(hold_ticket)
|
||||
|
||||
|
||||
@helpdesk_staff_member_required
|
||||
@requires_csrf_token
|
||||
def unhold_ticket(request, ticket_id):
|
||||
return hold_ticket(request, ticket_id, unhold=True)
|
||||
|
||||
|
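Review bot: `@requires_csrf_token` on `hold_ticket` and `unhold_ticket` does not reject a request with a missing or wrong token; in Django it only makes sure `{% csrf_token %}` can render, while enforcement comes from `CsrfViewMiddleware` or `@csrf_protect`. If the project already runs the middleware the decorator adds nothing, and if it does not, the new POST forms are still unprotected, so `@csrf_protect` is the decorator to use here. Django's CSRF check also skips GET, so unless the part of `hold_ticket` outside this hunk tests `request.method`, a plain link can still toggle the hold state; adding `@require_POST` from `django.views.decorators.http` would close that. The decorator on `unhold_ticket` is redundant, since it only delegates to the already-decorated `hold_ticket`.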