add csrf check

2014-03-23 01:44:02 +08:00
parent 01e781dedb
commit 076fc98d98
18 changed files with 208 additions and 46 deletions
--- a/templates/user/setting.tmpl
+++ b/templates/user/setting.tmpl
@@ -6,6 +6,7 @@
        <div id="gogs-setting-pwd">
            <h4>Account Profile</h4>
            <form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting">
+                {{.CsrfTokenHtml}}
                {{if .IsSuccess}}<p class="alert alert-success">Your profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
                <p>Your Email will be public and used for Account related notifications and any web based operations made via the web.</p>
                <div class="form-group">