Protect trade with CSRF
parent
15897d0370
commit
c39872e5ea
|
@ -86,6 +86,10 @@
|
|||
<div class="alert alert-warning" role="alert">{% trans "There are currently no wishes!" %}</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
<a class="btn btn-pfl mb-3" href="{% url 'offer_trade' offer.id %}">{% trans "Offer trade" %}</a>
|
||||
<form method="post" action="{% url 'offer_trade' %}">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="offer" value="{{ offer.id }}"/>
|
||||
<button class="btn btn-pfl mb-3" data-umami-event="Trade offer">{% trans "Offer trade" %}</button>
|
||||
</form>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
|
|
@ -20,7 +20,7 @@ urlpatterns = [
|
|||
path("offer/<int:offer_id>/", views.offer_detail, name="offer_detail"),
|
||||
path("offer/<int:offer_id>/delete/", views.offer_delete, name="offer_delete"),
|
||||
path("offer/<int:offer_id>/edit/", views.offer_edit, name="offer_edit"),
|
||||
path("offer/<int:offer_id>/trade/", views.offer_trade, name="offer_trade"),
|
||||
path("trade/", views.offer_trade, name="offer_trade"),
|
||||
path("accounts/<int:user_id>", views.user_detail, name="user_detail"),
|
||||
path("accounts/<int:user_id>/wishlist/", views.wishlist, name="wishlist"),
|
||||
path('accounts/login/', auth_views.LoginView.as_view(template_name='registration/login.html')),
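Review bot: The route keeps the name `offer_trade` but no longer accepts an `offer_id` argument, so any remaining `{% url 'offer_trade' offer.id %}` or `reverse('offer_trade', args=[...])` would fail with `NoReverseMatch`. Only one template is updated in this commit and no other caller is visible here, so a search for the route name before merging would confirm nothing else still passes an id. Existing `offer/<id>/trade/` links will return 404 after this change, which looks intended given that the trade action moves off GET.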
|
||||
|
|
|
@ -150,7 +150,8 @@ def delete_wish(request, wish_id):
|
|||
|
||||
|
||||
@login_required
|
||||
def offer_trade(request, offer_id):
|
||||
def offer_trade(request):
|
||||
offer_id = int(request.POST['offer'])
|
||||
offer = get_object_or_404(Offer, id=offer_id)
|
||||
sender = request.user
|
||||
recipient = offer.user
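Review bot: `offer_trade` now reads `request.POST['offer']`, but nothing visible in this hunk restricts the view to POST or validates the field. A GET to `trade/`, or a POST with a missing or non-numeric `offer`, would raise an uncaught `KeyError`/`ValueError` and surface as a 500 rather than a 405 or 400. Adding `@require_POST` (from `django.views.decorators.http`) under `@login_required` would make the method contract explicit; Django's CSRF check only applies to unsafe methods, so the protection this commit adds depends on the action never running on GET, and presumably on `CsrfViewMiddleware` being enabled. The `int(...)` parse could be wrapped so that bad input returns `HttpResponseBadRequest()`. The function body continues outside the hunk, so it is not visible whether the sender is prevented from trading on their own offer; since the hidden `offer` value is client-controlled, that check belongs server-side.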
|
||||
|
|