Added AntiForgery token to all blog authenticated http post methods.

--HG-- extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4044014
2025-10-15 19:54:57 +08:00 · 2009-12-14 18:29:03 +00:00
parent f7c5d33efc
commit b3f694dacd
7 changed files with 49 additions and 13 deletions
--- a/src/Orchard.Web/Packages/Orchard.Blogs/Views/Blog/Create.aspx
+++ b/src/Orchard.Web/Packages/Orchard.Blogs/Views/Blog/Create.aspx
@@ -6,6 +6,9 @@
    <% using (Html.BeginForm()) { %>
        <%=Html.ValidationSummary() %>
        <%=Html.EditorForItem(vm => vm.Blog) %>
-        <fieldset><input class="button" type="submit" value="Create" /></fieldset>
-    <% } %>
+        <fieldset>
+            <%=Html.OrchardAntiForgeryToken() %>
+            <input class="button" type="submit" value="Create" />
+        </fieldset><%
+       } %>
 <% Html.Include("AdminFoot"); %>
--- a/src/Orchard.Web/Packages/Orchard.Blogs/Views/Blog/Edit.aspx
+++ b/src/Orchard.Web/Packages/Orchard.Blogs/Views/Blog/Edit.aspx
@@ -6,6 +6,9 @@
    <% using (Html.BeginForm()) { %>
        <%=Html.ValidationSummary() %>
        <%=Html.EditorForItem(m => m.Blog) %>
-        <fieldset><input class="button" type="submit" value="Save" /></fieldset>
-    <% } %>
+        <fieldset>
+            <%=Html.OrchardAntiForgeryToken() %>
+            <input class="button" type="submit" value="Save" />
+        </fieldset><%
+       } %>
 <% Html.Include("AdminFoot"); %>
--- a/src/Orchard.Web/Packages/Orchard.Blogs/Views/BlogPost/Create.aspx
+++ b/src/Orchard.Web/Packages/Orchard.Blogs/Views/BlogPost/Create.aspx
@@ -1,12 +1,11 @@
 <%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<CreateBlogPostViewModel>" %>
+<%@ Import Namespace="Orchard.Mvc.Html"%>
 <%@ Import Namespace="Orchard.Blogs.ViewModels"%>
-<%@ Import Namespace="Orchard.Blogs.Extensions"%>
-<%@ Import Namespace="Orchard.Security" %>
-<%@ Import Namespace="Orchard.Mvc.Html" %>
 <% Html.Include("AdminHead"); %>
    <h2>Add Post</h2>
-    <%using (Html.BeginForm()) { %>
-        <%= Html.ValidationSummary() %>
-        <%= Html.EditorForItem(m => m.BlogPost) %>
-    <% } %>
+    <% using (Html.BeginForm()) { %>
+        <%=Html.ValidationSummary() %>
+        <%=Html.EditorForItem(m => m.BlogPost) %>
+        <%=Html.OrchardAntiForgeryToken() %><%
+       } %>
 <% Html.Include("AdminFoot"); %>
--- a/src/Orchard.Web/Packages/Orchard.Blogs/Views/BlogPost/Edit.aspx
+++ b/src/Orchard.Web/Packages/Orchard.Blogs/Views/BlogPost/Edit.aspx
@@ -1,11 +1,11 @@
 <%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<BlogPostEditViewModel>" %>
 <%@ Import Namespace="Orchard.Mvc.Html"%>
-<%@ Import Namespace="Orchard.Blogs.Extensions"%>
 <%@ Import Namespace="Orchard.Blogs.ViewModels"%>
 <% Html.Include("AdminHead"); %>
    <h2>Edit Post</h2>
    <% using (Html.BeginForm()) { %>
        <%=Html.ValidationSummary() %>
        <%=Html.EditorForItem(m => m.BlogPost) %>
-    <% } %>
+        <%=Html.OrchardAntiForgeryToken() %><%
+       } %>
 <% Html.Include("AdminFoot"); %>