Commit
fd0b5516
authored
Feb 20, 2014
by
Nick Martynenko
Committed by
Matija Obreza
Feb 22, 2014
CSRF
parent
77a3b7c6
Showing
30 changed files
with
123 additions
and
17 deletions
+123
-17
pom.xml
pom.xml
+13
-11
src/main/resources/spring/spring-security-oauth.xml
src/main/resources/spring/spring-security-oauth.xml
+1
-1
src/main/resources/spring/spring-security.xml
src/main/resources/spring/spring-security.xml
+4
-1
src/main/webapp/WEB-INF/decorator/entry.jsp
src/main/webapp/WEB-INF/decorator/entry.jsp
+5
-0
src/main/webapp/WEB-INF/decorator/footer.jsp
src/main/webapp/WEB-INF/decorator/footer.jsp
+9
-0
src/main/webapp/WEB-INF/decorator/header.jsp
src/main/webapp/WEB-INF/decorator/header.jsp
+5
-0
src/main/webapp/WEB-INF/decorator/main.jsp
src/main/webapp/WEB-INF/decorator/main.jsp
+9
-3
src/main/webapp/WEB-INF/jsp/admin/index.jsp
src/main/webapp/WEB-INF/jsp/admin/index.jsp
+28
-0
src/main/webapp/WEB-INF/jsp/admin/oauth/client/edit.jsp
src/main/webapp/WEB-INF/jsp/admin/oauth/client/edit.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/content/activitypost-edit.jsp
src/main/webapp/WEB-INF/jsp/content/activitypost-edit.jsp
+3
-1
src/main/webapp/WEB-INF/jsp/content/article-edit.jsp
src/main/webapp/WEB-INF/jsp/content/article-edit.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/country/edit.jsp
src/main/webapp/WEB-INF/jsp/country/edit.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/filter/cropdescriptors.jsp
src/main/webapp/WEB-INF/jsp/filter/cropdescriptors.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/filter/filter.jsp
src/main/webapp/WEB-INF/jsp/filter/filter.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/filter/pick.jsp
src/main/webapp/WEB-INF/jsp/filter/pick.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/index.jsp
src/main/webapp/WEB-INF/jsp/index.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/login.jsp
src/main/webapp/WEB-INF/jsp/login.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/oauth/confirm.jsp
src/main/webapp/WEB-INF/jsp/oauth/confirm.jsp
+4
-0
src/main/webapp/WEB-INF/jsp/oauth/createclient.jsp
src/main/webapp/WEB-INF/jsp/oauth/createclient.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/organization/edit.jsp
src/main/webapp/WEB-INF/jsp/organization/edit.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/registration.jsp
src/main/webapp/WEB-INF/jsp/registration.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/request/index.jsp
src/main/webapp/WEB-INF/jsp/request/index.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/request/personal.jsp
src/main/webapp/WEB-INF/jsp/request/personal.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/selection/index.jsp
src/main/webapp/WEB-INF/jsp/selection/index.jsp
+4
-0
src/main/webapp/WEB-INF/jsp/team/edit.jsp
src/main/webapp/WEB-INF/jsp/team/edit.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/user/edit.jsp
src/main/webapp/WEB-INF/jsp/user/edit.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/user/email.jsp
src/main/webapp/WEB-INF/jsp/user/email.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/user/password.jsp
src/main/webapp/WEB-INF/jsp/user/password.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/user/validateemail.jsp
src/main/webapp/WEB-INF/jsp/user/validateemail.jsp
+2
-0
src/main/webapp/WEB-INF/jsp/wiews/edit.jsp
src/main/webapp/WEB-INF/jsp/wiews/edit.jsp
+2
-0
pom.xml
...
...
@@ -55,8 +55,8 @@
<log4j.version>
1.2.17
</log4j.version>
<aspectj.version>
1.7.2
</aspectj.version>
<spring.framework.version>
3.2.
5
.RELEASE
</spring.framework.version>
<spring.security.version>
3.
1.4
.RELEASE
</spring.security.version>
<spring.framework.version>
3.2.
7
.RELEASE
</spring.framework.version>
<spring.security.version>
3.
2.1
.RELEASE
</spring.security.version>
<spring.security.oauth2.version>
1.0.5.RELEASE
</spring.security.oauth2.version>
<spring.data.core.version>
1.5.1.RELEASE
</spring.data.core.version>
<spring.data.jpa.version>
1.3.5.RELEASE
</spring.data.jpa.version>
...
...
@@ -100,11 +100,19 @@
<name>
Releases
</name>
<url>
https://oss.sonatype.org/content/repositories/releases
</url>
</repository>
<!-- <repository> <id>sonatype mirror</id> <url>http://search.maven.org/remotecontent?filepath=</url>
</repository> -->
<repository>
<id>
sonatype mirror
</id>
<url>
http://search.maven.org/remotecontent?filepath=
</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>
sonatype mirror
</id>
<url>
http://search.maven.org/remotecontent?filepath=
</url>
</pluginRepository>
</pluginRepositories>
<dependencies>
<!--Test dependencies -->
<dependency>
...
...
@@ -248,12 +256,6 @@
<version>
${spring.security.version}
</version>
</dependency>
<dependency>
<groupId>
org.springframework.security
</groupId>
<artifactId>
spring-security-crypto
</artifactId>
<version>
${spring.security.version}
</version>
</dependency>
<dependency>
<groupId>
org.springframework.security
</groupId>
<artifactId>
spring-security-taglibs
</artifactId>
...
...
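Review bot: The re-enabled `sonatype mirror` repository and the new `<pluginRepository>` both point at `http://search.maven.org/remotecontent?filepath=`, so dependencies and build plugins are fetched over cleartext and can be altered in transit before they are executed by the build. Use the `https://` form of the URL in both entries, as the `Releases` repository just above already does, e.g. `<url>https://search.maven.org/remotecontent?filepath=</url>`. Plugin artifacts run with the privileges of the build, so the plugin repository is the more sensitive of the two. The `<repositories>` element starts outside the hunk.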
src/main/resources/spring/spring-security-oauth.xml
...
...
@@ -18,7 +18,7 @@
<beans
xmlns=
"http://www.springframework.org/schema/beans"
xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
xmlns:oauth=
"http://www.springframework.org/schema/security/oauth2"
xmlns:sec=
"http://www.springframework.org/schema/security"
xsi:schemaLocation=
"http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security
-3.1
.xsd"
>
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"
>
<!-- <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
<constructor-arg>
...
...
src/main/resources/spring/spring-security.xml
...
...
@@ -18,7 +18,7 @@
<beans
xmlns=
"http://www.springframework.org/schema/beans"
xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec=
"http://www.springframework.org/schema/security"
xsi:schemaLocation=
"http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security
-3.1
.xsd
xsi:schemaLocation=
"http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
>
...
...
@@ -60,6 +60,9 @@
<sec:access-denied-handler
error-page=
"/access-denied"
/>
<sec:expression-handler
ref=
"webExpressionHandler"
/>
<!--enable CSRF protection-->
<sec:csrf
/>
</sec:http>
</beans>
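Review bot: `<sec:csrf/>` is added to the one `<sec:http>` element whose closing tag is visible here (its opening tag is outside the hunk), so token checks apply only to requests matched by that element. Any other `<sec:http>` element, for example in spring-security-oauth.xml, which this commit changes only in its schema location, stays without CSRF checks unless it gets its own `<sec:csrf/>`. The filter also lets GET, HEAD, TRACE and OPTIONS through, so handlers that change state on GET are not covered. I would widen the comment to record this: `<!-- CSRF tokens are enforced for non-safe methods on this http block only; state-changing handlers must not accept GET -->`.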
src/main/webapp/WEB-INF/decorator/entry.jsp
...
...
@@ -10,6 +10,11 @@
<meta
name=
"description"
content=
""
/>
<meta
name=
"author"
content=
""
/>
<!-- CSRF protection-->
<meta
name=
"_csrf"
content=
"${_csrf.token}"
/>
<!-- default header name is X-CSRF-TOKEN -->
<meta
name=
"_csrf_header"
content=
"${_csrf.headerName}"
/>
<title><sitemesh:write
property=
"title"
/></title>
<!-- Custom styles for this template -->
...
...
src/main/webapp/WEB-INF/decorator/footer.jsp
...
...
@@ -90,4 +90,13 @@
$
(
'
#nav-main
'
).
hide
(
'
slow
'
);
});
//CSRF protection
$
(
function
()
{
var
token
=
$
(
"
meta[name='_csrf']
"
).
attr
(
"
content
"
);
var
header
=
$
(
"
meta[name='_csrf_header']
"
).
attr
(
"
content
"
);
$
(
document
).
ajaxSend
(
function
(
e
,
xhr
,
options
)
{
xhr
.
setRequestHeader
(
header
,
token
);
});
});
</script>
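Review bot: The `ajaxSend` handler attaches the CSRF token to every jQuery request, including cross-origin ones, so any AJAX call to a third-party host would carry the token in its headers. It also calls `setRequestHeader` with an undefined name when a page lacks the `_csrf` / `_csrf_header` meta tags, which this commit adds only in entry.jsp and main.jsp. Guard the call: `if (header && token && !options.crossDomain) { xhr.setRequestHeader(header, token); }`. The enclosing `<script>` block starts outside the hunk.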
src/main/webapp/WEB-INF/decorator/header.jsp
...
...
@@ -40,6 +40,8 @@
<span
class=
"or"
>
-
</span>
<a
href=
"
<c:url
value=
"/google/login"
/>
"
class=
"btn btn-default google-signin"
><spring:message
code=
"login.with-google-plus"
/></a>
<a
href=
"
<c:url
value=
"/registration"
/>
"
class=
"btn btn-default"
><spring:message
code=
"login.register-now"
/></a>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</li>
</ul>
...
...
@@ -118,6 +120,9 @@
<span
class=
"or"
>
-
</span>
<a
href=
"
<c:url
value=
"/google/login"
/>
"
class=
"btn btn-default google-signin"
><spring:message
code=
"login.with-google-plus"
/></a>
<a
href=
"
<c:url
value=
"/registration"
/>
"
class=
"btn btn-default"
><spring:message
code=
"login.register-now"
/></a>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</li>
</ul>
...
...
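Review bot: The hidden `${_csrf.parameterName}` / `${_csrf.token}` input is pasted by hand into both login forms here and again into every other form this commit touches (admin/index.jsp, login.jsp, registration.jsp, the user/, filter/, request/ and selection/ pages, and others). A form added later without the line fails closed with an access-denied response, so this is a maintenance point rather than a hole, but one shared JSP fragment or tag file that emits the input would keep the markup in one place. Forms rendered with Spring's `<form:form>` tag presumably get the token inserted automatically once `<sec:csrf/>` is enabled, which is worth confirming before hand-editing those. Both forms start outside their hunks.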
src/main/webapp/WEB-INF/decorator/main.jsp
...
...
@@ -9,9 +9,15 @@
<meta
name=
"viewport"
content=
"width=device-width, initial-scale=1.0"
/>
<meta
name=
"description"
content=
""
/>
<meta
name=
"author"
content=
""
/>
<!--
<link rel="shortcut icon" href="../../docs-assets/ico/favicon.png" />
-->
<!-- CSRF protection-->
<meta
name=
"_csrf"
content=
"${_csrf.token}"
/>
<!-- default header name is X-CSRF-TOKEN -->
<meta
name=
"_csrf_header"
content=
"${_csrf.headerName}"
/>
<!--
<link rel="shortcut icon" href="../../docs-assets/ico/favicon.png" />
-->
<title><sitemesh:write
property=
"title"
/></title>
...
...
src/main/webapp/WEB-INF/jsp/admin/index.jsp
...
...
@@ -15,12 +15,18 @@
<h3>
Country data
</h3>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/refreshCountries"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Refresh country data"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/updateAlternateNames"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Update alternate GEO names"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/updateITPGRFA"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
class=
"btn btn-default"
value=
"Update country ITPGRFA status"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
...
...
@@ -28,43 +34,63 @@
<h3>
WIEWS
</h3>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/refreshWiews"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Refresh WIEWS data"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<h3>
Svalbard Global Seed Vault
</h3>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/updateSGSV"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Update SGSV"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/importSGSV"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Import SGSV"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<h3>
Accession
</h3>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/updateAccessionCountryRefs"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
class=
"btn btn-default"
value=
"Update accession country info"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/updateInstituteCountryRefs"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
class=
"btn btn-default"
value=
"Update WIEWS country info"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/updateAccessionInstituteRefs"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Update accession institute info"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/convertNames"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Convert old names to aliases"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<h3>
C
&
E
</h3>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/refreshMetadataMethods"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
class=
"btn btn-default"
value=
"Recalculate metadata methods"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<h3>
Content
</h3>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/sanitize"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Sanitize HTML content"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<h3>
Full-text Search
</h3>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/reindexEverything"
/>
"
>
<input
type=
"submit"
class=
"btn btn-default"
class=
"btn btn-default"
value=
"Reindex search indexes"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<form
method=
"post"
action=
"
<c:url
value=
"/admin/reindexEntity"
/>
"
>
...
...
@@ -76,6 +102,8 @@
<option
value=
"org.genesys2.server.model.impl.Organization"
>
Organizations
</option>
<option
value=
"org.genesys2.server.model.genesys.Accession"
>
Accessions
</option>
</select>
<input
type=
"submit"
class=
"btn btn-default"
value=
"Reindex search indexes"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
...
...
src/main/webapp/WEB-INF/jsp/admin/oauth/client/edit.jsp
...
...
@@ -24,6 +24,8 @@
<input
type=
"submit"
value=
"
<spring:message
code=
"blurp.update-blurp"
/>
"
class=
"btn btn-primary"
/>
<a
href=
"
<c:url
value=
"/geo/${country.code3.toLowerCase()}"
/>
"
class=
"btn btn-default"
>
<spring:message
code=
"cancel"
/>
</a>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<content
tag=
"javascript"
>
...
...
src/main/webapp/WEB-INF/jsp/content/activitypost-edit.jsp
...
...
@@ -37,7 +37,9 @@
<a
class=
"btn btn-default"
href=
"
<c:url
value=
"/content/activitypost/${activityPost.id}/delete"
/>
"
><spring:message
code=
"delete"
/></a>
</c:if>
<a
class=
"btn btn-default"
href=
"
<c:url
value=
"/"
/>
"
><spring:message
code=
"cancel"
/></a>
</form>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<content
tag=
"javascript"
>
<script
type=
"text/javascript"
src=
"/html/js/tinymce/tinymce.min.js"
></script>
...
...
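Review bot: The delete action next to this form is still a plain link to `/content/activitypost/${activityPost.id}/delete`, so the browser issues it as a GET and the token added before `</form>` does not cover it. The handler is not visible in this commit; if it deletes on GET, it should be restricted to POST and the link replaced by a small form carrying the same hidden `_csrf` input. The same applies to the `/sel/clear` link in selection/index.jsp. The form itself starts outside the hunk.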
src/main/webapp/WEB-INF/jsp/content/article-edit.jsp
...
...
@@ -36,6 +36,8 @@
<input
type=
"submit"
value=
"
<spring:message
code=
"save"
/>
"
class=
"btn btn-primary"
/>
<a
href=
"
<c:url
value=
"
${
article
.
id
ne
null
?
'/content/'
.
concat
(
article
.
slug
)
:
'/'
}
"
/>
"
class=
"btn btn-default"
>
Cancel
</a>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<content
tag=
"javascript"
>
...
...
src/main/webapp/WEB-INF/jsp/country/edit.jsp
...
...
@@ -25,6 +25,8 @@
<input
type=
"submit"
value=
"
<spring:message
code=
"blurp.update-blurp"
/>
"
class=
"btn btn-primary"
/>
<a
href=
"
<c:url
value=
"/geo/${country.code3.toLowerCase()}"
/>
"
class=
"btn btn-default"
>
<spring:message
code=
"cancel"
/>
</a>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<content
tag=
"javascript"
>
...
...
src/main/webapp/WEB-INF/jsp/filter/cropdescriptors.jsp
...
...
@@ -36,6 +36,8 @@
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
...
...
src/main/webapp/WEB-INF/jsp/filter/filter.jsp
...
...
@@ -77,6 +77,8 @@
<button
type=
"submit"
name=
"doPick"
class=
"btn btn-green pull-left"
>
Change filters
</button>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</div>
...
...
src/main/webapp/WEB-INF/jsp/filter/pick.jsp
...
...
@@ -67,6 +67,8 @@
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<content
tag=
"javascript"
>
...
...
src/main/webapp/WEB-INF/jsp/index.jsp
...
...
@@ -16,6 +16,8 @@
<sec:authorize
access=
"hasRole('ADMINISTRATOR')"
>
<form
method=
"post"
action=
"
<c:url
value=
"/c/rebuild"
/>
"
>
<input
type=
"submit"
class=
"btn form-control"
value=
"Rebuild"
/>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</sec:authorize>
<div
class=
"dropdown"
>
...
...
src/main/webapp/WEB-INF/jsp/login.jsp
...
...
@@ -46,6 +46,8 @@
<a
href=
"forgot-password"
id=
"forgot-password"
class=
"btn"
><spring:message
code=
"login.forgot-password"
/></a>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
</html>
\ No newline at end of file
src/main/webapp/WEB-INF/jsp/oauth/confirm.jsp
...
...
@@ -26,11 +26,15 @@
<div
class=
"col-sm-2"
>
<form
action=
"
<c:url
value=
"/oauth/authorize"
/>
"
method=
"post"
>
<input
name=
"user_oauth_approval"
value=
"true"
type=
"hidden"
/>
<label><input
class=
"btn btn-primary"
name=
"authorize"
value=
"
<spring:message
code=
"oauth2.button-approve"
/>
"
type=
"submit"
/></label>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</div>
<div
class=
"col-sm-2"
>
<form
action=
"
<c:url
value=
"/oauth/authorize"
/>
"
method=
"post"
>
<input
name=
"user_oauth_approval"
value=
"false"
type=
"hidden"
/>
<label><input
class=
"btn btn-default"
name=
"deny"
value=
"
<spring:message
code=
"oauth2.button-deny"
/>
"
type=
"submit"
/></label>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</div>
</div>
...
...
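Review bot: Both approval forms post to `/oauth/authorize`, but the commit adds `<sec:csrf/>` only in spring-security.xml and changes nothing in spring-security-oauth.xml except the schema location. If `/oauth/authorize` is matched by a `<sec:http>` element without `<sec:csrf/>` (not visible here), `_csrf` would be unset when this page renders, the hidden input would come out with an empty name and value, and the approve/deny POST would not be checked. Granting a client access is a state change worth protecting, so confirm which http element serves this path and add a test that a POST without the token is rejected.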
src/main/webapp/WEB-INF/jsp/oauth/createclient.jsp
...
...
@@ -36,6 +36,8 @@
</a>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
</html>
\ No newline at end of file
src/main/webapp/WEB-INF/jsp/organization/edit.jsp
...
...
@@ -39,6 +39,8 @@
<input
type=
"submit"
value=
"
<spring:message
code=
"blurp.update-blurp"
/>
"
class=
"btn btn-primary"
/>
<a
href=
"
<c:url
value=
"/org/${organization.slug}"
/>
"
class=
"btn btn-default"
>
<spring:message
code=
"cancel"
/>
</a>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<content
tag=
"javascript"
>
...
...
src/main/webapp/WEB-INF/jsp/registration.jsp
...
...
@@ -66,6 +66,8 @@
</a>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
<content
tag=
"javascript"
>
...
...
src/main/webapp/WEB-INF/jsp/request/index.jsp
...
...
@@ -61,6 +61,8 @@
<div
class=
"form-actions"
>
<input
class=
"btn btn-primary"
type=
"submit"
value=
"
<spring:message
code=
"request.start-request"
/>
"
/>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</c:if>
...
...
src/main/webapp/WEB-INF/jsp/request/personal.jsp
...
...
@@ -29,6 +29,8 @@
<div
class=
"form-actions"
>
<input
class=
"btn btn-primary"
type=
"submit"
value=
"
<spring:message
code=
"request.start-request"
/>
"
/>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
...
...
src/main/webapp/WEB-INF/jsp/selection/index.jsp
...
...
@@ -64,6 +64,8 @@
<a
href=
"
<c:url
value=
"/sel/clear"
/>
"
><button
class=
"btn"
type=
"button"
>
Clear list
</button></a>
<a
href=
"
<c:url
value=
"/sel/map"
/>
"
><button
class=
"btn"
type=
"button"
>
Display on map
</button></a>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</c:if>
...
...
@@ -81,6 +83,8 @@
<div
class=
"form-actions clearfix"
>
<input
type=
"submit"
class=
"btn"
value=
"
<spring:message
code=
"selection.add-many"
/>
"
/>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</c:if>
</body>
...
...
src/main/webapp/WEB-INF/jsp/team/edit.jsp
...
...
@@ -26,6 +26,8 @@
</a>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
</html>
\ No newline at end of file
src/main/webapp/WEB-INF/jsp/user/edit.jsp
...
...
@@ -45,6 +45,8 @@
</a>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
</html>
\ No newline at end of file
src/main/webapp/WEB-INF/jsp/user/email.jsp
...
...
@@ -21,6 +21,8 @@
<input
type=
"submit"
value=
"
<spring:message
code=
"userprofile.email.send"
/>
"
class=
"btn btn-primary"
/>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
...
...
src/main/webapp/WEB-INF/jsp/user/password.jsp
...
...
@@ -28,6 +28,8 @@
<input
type=
"submit"
value=
"
<spring:message
code=
"userprofile.password"
/>
"
class=
"btn btn-primary"
/>
</div>
</div>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
</body>
</html>
\ No newline at end of file
src/main/webapp/WEB-INF/jsp/user/validateemail.jsp
...
...
@@ -25,6 +25,8 @@
<spring:message
code=
"validate.email.invalid.key"
/>
</div>
</c:if>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
...
...
src/main/webapp/WEB-INF/jsp/wiews/edit.jsp
...
...
@@ -32,6 +32,8 @@
<input
type=
"submit"
value=
"
<spring:message
code=
"save"
/>
"
class=
"btn btn-primary"
/>
<a
href=
"
<c:url
value=
"/wiews/${faoInstitute.code.toLowerCase()}"
/>
"
class=
"btn btn-default"
>
<spring:message
code=
"cancel"
/>
</a>
<!-- CSRF protection -->
<input
type=
"hidden"
name=
"${_csrf.parameterName}"
value=
"${_csrf.token}"
/>
</form>
...
...