From 6b435f59fd67e93c1132e624e1115aa7610edfef Mon Sep 17 00:00:00 2001
From: Lev Kokotov
Date: Fri, 22 Nov 2024 11:16:47 -0800
Subject: [PATCH] Add missing CSRF token to admin
---
 rwf-admin/src/controllers/models.rs | 5 ++++-
 rwf-admin/templates/rwf_admin/model_new.html | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/rwf-admin/src/controllers/models.rs b/rwf-admin/src/controllers/models.rs
index d111c79e..b983a8e5 100644
--- a/rwf-admin/src/controllers/models.rs
+++ b/rwf-admin/src/controllers/models.rs
@@ -122,7 +122,10 @@ impl PageController for NewModelController {
 }
 async fn post(&self, req: &Request) -> Result {
- let query = req.form_data()?.into_iter();
+ let query = req
+ .form_data()?
+ .into_iter()
+ .filter(|c| c.0 != "rwf_csrf_token");
 let mut columns = vec![];
 let mut values = vec![];
 let mut table_name = vec![];
diff --git a/rwf-admin/templates/rwf_admin/model_new.html b/rwf-admin/templates/rwf_admin/model_new.html
index 514a6b01..f5254955 100644
--- a/rwf-admin/templates/rwf_admin/model_new.html
+++ b/rwf-admin/templates/rwf_admin/model_new.html
@@ -17,6 +17,7 @@
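Review bot: The new `.filter(|c| c.0 != "rwf_csrf_token")` in `NewModelController::post` matches the token field by a string literal that must stay in sync with whatever field name `csrf_token()` renders in `model_new.html`. If the framework exposes that name as a constant, compare against it instead; otherwise a rename would silently let the token fall through into `columns`/`values`. The filter only discards the field, and nothing in the hunk shows where the token is verified, so a comment would help, for example `// CSRF token is validated before this handler runs (presumably by the CSRF middleware); drop it so it is not treated as a model column`. The body of `post` continues outside the hunk, so how the remaining form keys are used as column and table names is not visible here and should be checked separately.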

+ <%= csrf_token() %>