Fix post edit action

- Add CSRF to post/page list pages (for deletion)
Daniel J. Summers 2022-05-23 00:09:09 -04:00
parent 2c2db62e65
commit 664704d3d5
3 changed files with 8 additions and 4 deletions


@ -129,8 +129,9 @@ let listPages pageNbr : HttpHandler = fun next ctx -> task {
let! pages = Data.Page.findPageOfPages webLog.id pageNbr ctx.Conn let! pages = Data.Page.findPageOfPages webLog.id pageNbr ctx.Conn
return! return!
Hash.FromAnonymousObject Hash.FromAnonymousObject
{| pages = pages |> List.map (DisplayPage.fromPageMinimal webLog) {| csrf = csrfToken ctx
page_title = "Pages" pages = pages |> List.map (DisplayPage.fromPageMinimal webLog)
page_title = "Pages"
|} |}
|> viewForTheme "admin" "page-list" next ctx |> viewForTheme "admin" "page-list" next ctx
} }
@ -191,7 +192,9 @@ let savePagePermalinks : HttpHandler = fun next ctx -> task {
let deletePage pgId : HttpHandler = fun next ctx -> task { let deletePage pgId : HttpHandler = fun next ctx -> task {
let webLog = ctx.WebLog let webLog = ctx.WebLog
match! Data.Page.delete (PageId pgId) webLog.id ctx.Conn with match! Data.Page.delete (PageId pgId) webLog.id ctx.Conn with
| true -> do! addMessage ctx { UserMessage.success with message = "Page deleted successfully" } | true ->
do! PageListCache.update ctx
do! addMessage ctx { UserMessage.success with message = "Page deleted successfully" }
| false -> do! addMessage ctx { UserMessage.error with message = "Page not found; nothing deleted" } | false -> do! addMessage ctx { UserMessage.error with message = "Page not found; nothing deleted" }
return! redirectToGet (WebLog.relativeUrl webLog (Permalink "admin/pages")) next ctx return! redirectToGet (WebLog.relativeUrl webLog (Permalink "admin/pages")) next ctx
} }
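Review bot: The anti-forgery token is now passed to the page-list view in `listPages` (and to the post-list view in the `all` handler's section), but nothing visible in `deletePage` checks it, so enforcement depends on the route definition, which is outside this commit. Please confirm that the delete routes are registered as POST-only and go through anti-forgery validation before reaching the handler; otherwise the token is rendered but never verified. A comment above the handler would make that dependency explicit, e.g. `// Relies on the route applying anti-forgery validation; must not be reachable via GET`. Scoping `Data.Page.delete` by `webLog.id` is the right tenant check and should stay as is.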


@ -339,6 +339,7 @@ let all pageNbr : HttpHandler = fun next ctx -> task {
let! posts = Data.Post.findPageOfPosts webLog.id pageNbr 25 conn let! posts = Data.Post.findPageOfPosts webLog.id pageNbr 25 conn
let! hash = preparePostList webLog posts AdminList "" pageNbr 25 ctx conn let! hash = preparePostList webLog posts AdminList "" pageNbr 25 ctx conn
hash.Add ("page_title", "Posts") hash.Add ("page_title", "Posts")
hash.Add ("csrf", csrfToken ctx)
return! viewForTheme "admin" "post-list" next ctx hash return! viewForTheme "admin" "post-list" next ctx hash
} }


@ -1,6 +1,6 @@
<h2 class="my-3">{{ page_title }}</h2> <h2 class="my-3">{{ page_title }}</h2>
<article> <article>
<form action="{{ "/admin/post/save" | relative_link }}" method="post"> <form action="{{ "admin/post/save" | relative_link }}" method="post">
<input type="hidden" name="{{ csrf.form_field_name }}" value="{{ csrf.request_token }}"> <input type="hidden" name="{{ csrf.form_field_name }}" value="{{ csrf.request_token }}">
<input type="hidden" name="postId" value="{{ model.post_id }}"> <input type="hidden" name="postId" value="{{ model.post_id }}">
<div class="container"> <div class="container">