Show - Form hack with vote buttons - CSRF protection

2017-11-11 20:34:48 +02:00 · 2017-11-11 20:34:48 +02:00 · c11a43b7c5
commit c11a43b7c5
parent 064406bf89
3 changed files with 16 additions and 7 deletions
--- a/LandingPage/static/css/style.css
+++ b/LandingPage/static/css/style.css
@ -181,6 +181,9 @@ a.episode .submission_cnt {
  cursor: pointer;
  text-decoration: none;
 }
 .vote-btns form {
  display: inline-block;
 }
 .vote-positive {
  background-color: #a4ffa7;
  color: #008005;
--- a/Show/templates/episode.html
+++ b/Show/templates/episode.html
@ -41,12 +41,18 @@
 	<div class="submission{% if sbm.positives < sbm.negatives %} buried{% endif %}">
 		<a href="{{sbm.url}}" class="link"><i class="fa fa-fw fa-globe"></i>&nbsp;{{sbm.url}}</a>
 		<div class="vote-btns" data-vote-id="{{sbm.id}}">
-			<a href="/show/{{show.abbr}}/vote/{{sbm.id}}/1" class="vote-positive">
+			<form method="POST" action="/show/{{show.abbr}}/vote/{{sbm.id}}/1">
-				<i class="fa fa-fw fa-thumbs-up"></i>&nbsp;{{sbm.positives}}
+				{% csrf_token %}
-			</a>
+				<button class="vote-positive">
-			<a href="/show/{{show.abbr}}/vote/{{sbm.id}}/0" class="vote-negative">
+					<i class="fa fa-fw fa-thumbs-up"></i>&nbsp;{{sbm.positives}}
-				<i class="fa fa-fw fa-thumbs-down"></i>&nbsp;{{sbm.negatives}}
+				</button>
-			</a>
+			</form>
 			<form method="POST" action="/show/{{show.abbr}}/vote/{{sbm.id}}/0">
 				{% csrf_token %}
 				<button class="vote-negative">
 					<i class="fa fa-fw fa-thumbs-down"></i>&nbsp;{{sbm.negatives}}
 				</button>
 			</form>
 		</div>
 	</div>
 	{% empty %}
--- a/Show/views.py
+++ b/Show/views.py
@ -145,7 +145,7 @@ def SubmissionForm(req, abbreviation, season, episode):
 # Vote request
 # /show/{{abbr}}/vote/{{submission id}}/{{positive == 1}}
 class SubmissionVoteSubmit(View):
-    def get (self, req, abbreviation, subid, positive):
+    def post (self, req, abbreviation, subid, positive):
        # Convert positive parameter into a boolean
        pos_bool = int(positive) == 1