Skip to content

Commit

Permalink
Add missing CSRF token to admin
Browse files Browse the repository at this point in the history
  • Loading branch information
levkk committed Nov 22, 2024
1 parent 239c210 commit 6b435f5
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
5 changes: 4 additions & 1 deletion rwf-admin/src/controllers/models.rs
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,10 @@ impl PageController for NewModelController {
}

async fn post(&self, req: &Request) -> Result<Response, Error> {
let query = req.form_data()?.into_iter();
let query = req
.form_data()?
.into_iter()
.filter(|c| c.0 != "rwf_csrf_token");
let mut columns = vec![];
let mut values = vec![];
let mut table_name = vec![];
Expand Down
1 change: 1 addition & 0 deletions rwf-admin/templates/rwf_admin/model_new.html
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ <h1 class="d-flex align-items-center gap-2 mb-0">

<div class="my-5">
<form action="/admin/models/new" method="post">
<%= csrf_token() %>
<input
type="hidden"
name="rwf_table_name"
Expand Down

0 comments on commit 6b435f5

Please sign in to comment.