mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-28 08:03:36 +00:00
network: CSRF check for (de)activating connections
Fixes issue #127 Network manager: fix CSRF when activating/deactivating network connections https://github.com/freedombox/Plinth/issues/127
This commit is contained in:
Sean Alexandre
Sunil Mohan Adapa
parent
09fa98f8b1
commit
d14f077608
@ -19,6 +19,7 @@ from django.contrib import messages
|
||||
from django.core.urlresolvers import reverse_lazy
|
||||
from django.shortcuts import redirect
|
||||
from django.template.response import TemplateResponse
|
||||
from django.views.decorators.http import require_POST
|
||||
from gettext import gettext as _
|
||||
from logging import Logger
|
||||
|
||||
@ -167,6 +168,7 @@ def edit(request, uuid):
|
||||
'form': form})
|
||||
|
||||
|
||||
@require_POST
|
||||
def activate(request, uuid):
|
||||
"""Activate the connection."""
|
||||
try:
|
||||
@ -184,6 +186,7 @@ def activate(request, uuid):
|
||||
return redirect(reverse_lazy('networks:index'))
|
||||
|
||||
|
||||
@require_POST
|
||||
def deactivate(request, uuid):
|
||||
"""Deactivate the connection."""
|
||||
try:
|
||||
|
||||
@ -23,15 +23,23 @@
|
||||
{% block page_head %}
|
||||
<style type="text/css">
|
||||
.connection-edit-label {
|
||||
display: inline-block;
|
||||
width: 40%;
|
||||
display: inline-block;
|
||||
width: 40%;
|
||||
}
|
||||
|
||||
.connection-type-label {
|
||||
display: inline-block;
|
||||
width: 20%;
|
||||
display: inline-block;
|
||||
width: 20%;
|
||||
}
|
||||
|
||||
.list-group-item .btn {
|
||||
margin: -5px 0;
|
||||
margin: -5px 0;
|
||||
}
|
||||
|
||||
.dropdown-menu .btn {
|
||||
background: none;
|
||||
width: 100%;
|
||||
text-align: left;
|
||||
}
|
||||
</style>
|
||||
{% endblock %}
|
||||
@ -59,35 +67,41 @@
|
||||
<span class="connection-type-label">{{ connection.type }}</span>
|
||||
|
||||
{% if connection.is_active %}
|
||||
<div class="btn-group">
|
||||
<button type="button"
|
||||
class="btn btn-success btn-xs dropdown-toggle"
|
||||
data-toggle="dropdown" aria-expanded="false">
|
||||
Active <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu" role="menu">
|
||||
<li>
|
||||
<a href="{% url 'networks:deactivate' connection.uuid %}">
|
||||
Deactivate
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="btn-group">
|
||||
<button type="button"
|
||||
class="btn btn-success btn-xs dropdown-toggle"
|
||||
data-toggle="dropdown" aria-expanded="false">
|
||||
Active <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu" role="menu">
|
||||
<li>
|
||||
<form name="toggle_form" id="toggle_form" class="form" method="post"
|
||||
action="{% url 'networks:deactivate' connection.uuid %}">
|
||||
{% csrf_token %}
|
||||
|
||||
<button type="submit" class="btn">Deactivate</button>
|
||||
</form>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
{% else %}
|
||||
<div class="btn-group">
|
||||
<button type="button"
|
||||
class="btn btn-warning btn-xs dropdown-toggle"
|
||||
data-toggle="dropdown" aria-expanded="false">
|
||||
Not Active <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu" role="menu">
|
||||
<li>
|
||||
<a href="{% url 'networks:activate' connection.uuid %}">
|
||||
Activate
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="btn-group">
|
||||
<button type="button"
|
||||
class="btn btn-warning btn-xs dropdown-toggle"
|
||||
data-toggle="dropdown" aria-expanded="false">
|
||||
Not Active <span class="caret"></span>
|
||||
</button>
|
||||
<ul class="dropdown-menu" role="menu">
|
||||
<li>
|
||||
<form name="toggle_form" id="toggle_form" class="form" method="post"
|
||||
action="{% url 'networks:activate' connection.uuid %}">
|
||||
{% csrf_token %}
|
||||
|
||||
<button type="submit" class="btn">Activate</button>
|
||||
</form>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user