improve fileadmin flexibility by moving forms into functions, fix CSRF, and...

improve fileadmin flexibility by moving forms into functions, fix CSRF, and fix error messages on validation failure

improve fileadmin flexibility by moving forms into functions, fix CSRF, and...
improve fileadmin flexibility by moving forms into functions, fix CSRF, and fix error messages on validation failure
b22b3dd1 · Paul Brown · 6b9d4fdf · b22b3dd1 · b22b3dd1 · b22b3dd1
Commit b22b3dd1 authored Mar 01, 2015 by Paul Brown
4 changed files
--- a/babel/admin.pot
+++ b/babel/admin.pot
--- a/flask_admin/contrib/fileadmin.py
+++ b/flask_admin/contrib/fileadmin.py
--- a/flask_admin/templates/bootstrap2/admin/file/list.html
+++ b/flask_admin/templates/bootstrap2/admin/file/list.html
@@ -58,7 +58,8 @@
                    {% if is_dir %}
                        {% if name != '..' and admin_view.can_delete_dirs %}
                        <form class="icon" method="POST" action="{{ get_url('.delete') }}">
-                            <input type="hidden" name="path" value="{{ path }}"></input>
+                            {{ delete_form.path(value=path) }}
+                            {{ delete_form.csrf_token }}
                            <button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\' recursively?', name=name) }}')">
                                <i class="icon-remove"></i>
                            </button>
@@ -66,7 +67,8 @@
                        {% endif %}
                    {% else %}
                    <form class="icon" method="POST" action="{{ get_url('.delete') }}">
-                        <input type="hidden" name="path" value="{{ path }}"></input>
+                        {{ delete_form.path(value=path) }}
+                        {{ delete_form.csrf_token }}
                        <button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\'?', name=name) }}')">
                            <i class="icon-remove"></i>
                        </button>

--- a/flask_admin/templates/bootstrap3/admin/file/list.html
+++ b/flask_admin/templates/bootstrap3/admin/file/list.html
@@ -57,8 +57,9 @@
                {%- if admin_view.can_delete and path -%}
                    {% if is_dir %}
                        {% if name != '..' and admin_view.can_delete_dirs %}
-                        <form class="icon" method="POST" action="{{ get_url('.delete') }}">
-                            <input type="hidden" name="path" value="{{ path }}"></input>
+                        <form class="icon" method="POST" action="{{ get_url('.delete') }}">                           
+                            {{ delete_form.path(value=path) }}
+                            {{ delete_form.csrf_token }}
                            <button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\' recursively?', name=name) }}')">
                                <i class="glyphicon glyphicon-remove"></i>
                            </button>
@@ -66,7 +67,8 @@
                        {% endif %}
                    {% else %}
                    <form class="icon" method="POST" action="{{ get_url('.delete') }}">
-                        <input type="hidden" name="path" value="{{ path }}"></input>
+                        {{ delete_form.path(value=path) }}
+                        {{ delete_form.csrf_token }}
                        <button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\'?', name=name) }}')">
                            <i class="glyphicon glyphicon-trash"></i>
                        </button>