Fixed #858 - Automtically inject flask-wtf CSRF token even if form is not derived from flask-wtf

flask_admin/templates/bootstrap2/admin/model/list.html

@@ -110,7 +110,11 @@
                         <form class="icon" method="POST" action="{{ get_url('.delete_view') }}">
                             {{ delete_form.id(value=get_pk_value(row)) }}
                             {{ delete_form.url(value=return_url) }}
+                            {% if delete_form.csrf_token %}
                             {{ delete_form.csrf_token }}
+                            {% elif csrf_token %}
+                            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+                            {% endif %}
                             <button onclick="return confirm('{{ _gettext('Are you sure you want to delete this record?') }}');" title="{{ _gettext('Delete record') }}">
                                 <i class="fa fa-trash icon-trash"></i>
                             </button>

flask_admin/templates/bootstrap3/admin/model/list.html

@@ -110,7 +110,11 @@
                         <form class="icon" method="POST" action="{{ get_url('.delete_view') }}">
                             {{ delete_form.id(value=get_pk_value(row)) }}
                             {{ delete_form.url(value=return_url) }}
+                            {% if delete_form.csrf_token %}
                             {{ delete_form.csrf_token }}
+                            {% elif csrf_token %}
+                            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+                            {% endif %}
                             <button onclick="return confirm('{{ _gettext('Are you sure you want to delete this record?') }}');" title="Delete record">
                                 <span class="fa fa-trash glyphicon glyphicon-trash"></span>
                             </button>