Merge branch 'master' of github.com:mrjoes/flask-admin into examples

.gitignore

@@ -20,3 +20,4 @@ examples/sqla-inline/static
 examples/file/files
 .DS_Store
 .idea/
+*.sqlite

flask_admin/templates/admin/actions.html

@@ -12,6 +12,9 @@
 {% macro form(actions, url) %}
     {% if actions %}
     <form id="action_form" action="{{ url }}" method="POST" style="display: none">
+        {% if csrf_token %}
+        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+        {% endif %}
         <input type="hidden" id="action" name="action" />
     </form>
     {% endif %}

flask_admin/templates/admin/lib.html

@@ -112,6 +112,9 @@
     {% if form.hidden_tag is defined %}
         {{ form.hidden_tag() }}
     {% else %}
+        {% if csrf_token %}
+        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+        {% endif %}
         {% for f in form if f.type == 'HiddenField' %}
             {{ f }}
         {% endfor %}

flask_admin/templates/admin/model/list.html

@@ -107,7 +107,10 @@
                         {%- endif -%}
                         {%- if admin_view.can_delete -%}
                         <form class="icon" method="POST" action="{{ url_for('.delete_view', id=get_pk_value(row), url=return_url) }}">
-                            <button onclick="return confirm('{{ _gettext('You sure you want to delete this item?') }}');">
+                            {% if csrf_token %}
+                            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+                            {% endif %}
+                                <button onclick="return confirm('{{ _gettext('You sure you want to delete this item?') }}');">
                                 <i class="icon-trash"></i>
                             </button>
                         </form>