Unverified Commit e9da9b29 authored by ufo911's avatar ufo911 Committed by GitHub

fix for csrf dir delete

parent 5d97b8ee
...@@ -37,7 +37,7 @@ ...@@ -37,7 +37,7 @@
<th> <th>
{% if admin_view.is_column_sortable(column) %} {% if admin_view.is_column_sortable(column) %}
{% if sort_column == column %} {% if sort_column == column %}
<a href="{{ sort_url(column, True) }}" title="{{ _gettext('Sort by %(name)s', name=column) }}"> <a href="{{ sort_url(column, dir_path, True) }}" title="{{ _gettext('Sort by %(name)s', name=column) }}">
{{ admin_view.column_label(column) }} {{ admin_view.column_label(column) }}
{% if sort_desc %} {% if sort_desc %}
<span class="fa fa-chevron-up glyphicon glyphicon-chevron-up"></span> <span class="fa fa-chevron-up glyphicon glyphicon-chevron-up"></span>
...@@ -46,7 +46,7 @@ ...@@ -46,7 +46,7 @@
{% endif %} {% endif %}
</a> </a>
{% else %} {% else %}
<a href="{{ sort_url(column) }}" title="{{ _gettext('Sort by %(name)s', name=column) }}">{{ admin_view.column_label(column) }}</a> <a href="{{ sort_url(column, dir_path) }}" title="{{ _gettext('Sort by %(name)s', name=column) }}">{{ admin_view.column_label(column) }}</a>
{% endif %} {% endif %}
{% else %} {% else %}
{{ _gettext(admin_view.column_label(column)) }} {{ _gettext(admin_view.column_label(column)) }}
...@@ -84,7 +84,11 @@ ...@@ -84,7 +84,11 @@
{% if name != '..' and admin_view.can_delete_dirs %} {% if name != '..' and admin_view.can_delete_dirs %}
<form class="icon" method="POST" action="{{ get_url('.delete') }}"> <form class="icon" method="POST" action="{{ get_url('.delete') }}">
{{ delete_form.path(value=path) }} {{ delete_form.path(value=path) }}
{{ delete_form.csrf_token }} {% if delete_form.csrf_token %}
{{ delete_form.csrf_token }}
{% elif csrf_token %}
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
{% endif %}
<button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\' recursively?', name=name) }}')"> <button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\' recursively?', name=name) }}')">
<i class="fa fa-times glyphicon glyphicon-remove"></i> <i class="fa fa-times glyphicon glyphicon-remove"></i>
</button> </button>
...@@ -93,7 +97,11 @@ ...@@ -93,7 +97,11 @@
{% else %} {% else %}
<form class="icon" method="POST" action="{{ get_url('.delete') }}"> <form class="icon" method="POST" action="{{ get_url('.delete') }}">
{{ delete_form.path(value=path) }} {{ delete_form.path(value=path) }}
{{ delete_form.csrf_token }} {% if delete_form.csrf_token %}
{{ delete_form.csrf_token }}
{% elif csrf_token %}
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
{% endif %}
<button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\'?', name=name) }}')"> <button onclick="return confirm('{{ _gettext('Are you sure you want to delete \\\'%(name)s\\\'?', name=name) }}')">
<i class="fa fa-trash glyphicon glyphicon-trash"></i> <i class="fa fa-trash glyphicon glyphicon-trash"></i>
</button> </button>
...@@ -126,12 +134,12 @@ ...@@ -126,12 +134,12 @@
{{ size|filesizeformat }} {{ size|filesizeformat }}
</td> </td>
{% endif %} {% endif %}
{% endif %}
{% if admin_view.is_column_visible('date') %} {% if admin_view.is_column_visible('date') %}
<td> <td>
{{ timestamp_format(date) }} {{ timestamp_format(date) }}
</td> </td>
{% endif %} {% endif %}
{% endif %}
{% endblock %} {% endblock %}
</tr> </tr>
{% endfor %} {% endfor %}
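Review bot: The fallback input added to the directory delete form (and the identical block in the file delete form right after it) hard-codes `name="csrf_token"`, so the token only reaches the server-side check if the application keeps the default field name. If the `csrf_token()` global comes from Flask-WTF's CSRFProtect, as it appears to, an app that sets `WTF_CSRF_FIELD_NAME` would post the token under a name the validator does not read. When neither branch matches, the form is emitted with no token at all; a template comment such as `{# no token is rendered when CSRF protection is disabled #}` would make that intentional case visible to the next reader. Because the same five lines now appear twice, moving them into one small macro called from both forms would keep the two delete paths from drifting apart. Separately, the last hunk moves an `{% endif %}` from before the date cell to after it, which changes the condition that wraps that cell and is not mentioned in the commit title; the opening `{% if %}` lies outside the visible hunks, so please confirm this is intended.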