пре 9 година · e3ccf35260
--- a/lib/util/swigFunctions.js
+++ b/lib/util/swigFunctions.js
@@ -6,7 +6,7 @@ module.exports = function(crowi, app, req, locals) {
 
				   ;
			
 
				 
			
 
				   // token getter
			
 
				-  locals._csrf = function() {
			
 
				+  locals.csrf = function() {
			
 
				     return req.csrfToken;
			
 
				   };
			
 
				 
			
--- a/lib/views/_form.html
+++ b/lib/views/_form.html
@@ -49,7 +49,7 @@
 
				           {% endfor %}
			
 
				         </select>
			
 
				         {% endif %}
			
 
				-        <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+        <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				         <input type="submit" class="btn btn-primary" id="edit-form-submit" value="ページを更新" />
			
 
				       </div>
			
 
				     </div>
			
--- a/lib/views/admin/app.html
+++ b/lib/views/admin/app.html
@@ -54,7 +54,7 @@
 
				 
			
 
				         <div class="form-group">
			
 
				           <div class="col-xs-offset-3 col-xs-6">
			
 
				-            <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+            <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				             <button type="submit" class="btn btn-primary">更新</button>
			
 
				           </div>
			
 
				         </div>
			
@@ -106,7 +106,7 @@
 
				 
			
 
				         <div class="form-group">
			
 
				           <div class="col-xs-offset-3 col-xs-6">
			
 
				-            <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+            <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				             <button type="submit" class="btn btn-primary">更新</button>
			
 
				           </div>
			
 
				         </div>
			
@@ -151,7 +151,7 @@
 
				 
			
 
				         <div class="form-group">
			
 
				           <div class="col-xs-offset-3 col-xs-6">
			
 
				-            <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+            <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				             <button type="submit" class="btn btn-primary">更新</button>
			
 
				           </div>
			
 
				         </div>
			
@@ -200,7 +200,7 @@
 
				 
			
 
				         <div class="form-group">
			
 
				           <div class="col-xs-offset-3 col-xs-6">
			
 
				-            <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+            <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				             <button type="submit" class="btn btn-primary">更新</button>
			
 
				           </div>
			
 
				         </div>
			
@@ -229,7 +229,7 @@
 
				 
			
 
				         <div class="form-group">
			
 
				           <div class="col-xs-offset-3 col-xs-6">
			
 
				-            <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+            <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				             <button type="submit" class="btn btn-primary">更新</button>
			
 
				           </div>
			
 
				         </div>
			
--- a/lib/views/admin/notification.html
+++ b/lib/views/admin/notification.html
@@ -65,7 +65,7 @@
 
				           </div>
			
 
				         </div>
			
 
				       </fieldset>
			
 
				-      <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+      <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       </form>
			
 
				 
			
 
				       {% if hasSlackConfig %}
			
@@ -109,7 +109,7 @@
 
				               </p>
			
 
				             </td>
			
 
				             <td>
			
 
				-              <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+              <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				               <input type="submit" value="Add" class="btn btn-primary">
			
 
				             </td>
			
 
				           </tr>
			
@@ -126,7 +126,7 @@
 
				             <td>
			
 
				               <form class="admin-remove-updatepost">
			
 
				                 <input type="hidden" name="id" value="{{ notif._id.toString() }}">
			
 
				-                <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                 <input type="submit" value="Delete" class="btn btn-default">
			
 
				               </form>
			
 
				             </td>
			
--- a/lib/views/admin/search.html
+++ b/lib/views/admin/search.html
@@ -51,7 +51,7 @@
 
				           </div>
			
 
				         </div>
			
 
				       </fieldset>
			
 
				-      <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+      <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       </form>
			
 
				 
			
 
				     </div>
			
--- a/lib/views/admin/users.html
+++ b/lib/views/admin/users.html
@@ -48,7 +48,7 @@
 
				           </div>
			
 
				           <button type="submit" class="btn btn-primary">招待する</button>
			
 
				         </div>
			
 
				-        <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+        <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       </form>
			
 
				 
			
 
				       {% set createdUser = req.flash('createdUser') %}
			
@@ -127,33 +127,33 @@
 
				                   <li class="dropdown-button">
			
 
				                   {% if sUser.status == 1 %}
			
 
				                   <form action="/admin/user/{{ sUser._id.toString() }}/activate" method="post">
			
 
				-                    <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                    <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                     <button type="submit" class="btn btn-block btn-info">承認する</button>
			
 
				                   </form>
			
 
				                   {% endif  %}
			
 
				                   {% if sUser.status == 2 %}
			
 
				                   <form action="/admin/user/{{ sUser._id.toString() }}/suspend" method="post">
			
 
				-                    <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                    <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                     <button type="submit" class="btn btn-block btn-warning">アカウント停止</button>
			
 
				                   </form>
			
 
				                   {% endif  %}
			
 
				                   {% if sUser.status == 3 %}
			
 
				                   <form action="/admin/user/{{ sUser._id.toString() }}/activate" method="post">
			
 
				-                    <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                    <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                     <button type="submit" class="btn btn-block btn-default">元に戻す</button>
			
 
				                   </form>
			
 
				                   </li>
			
 
				                   <li class="dropdown-button">
			
 
				                   {# label は同じだけど、こっちは論理削除 #}
			
 
				                   <form action="/admin/user/{{ sUser._id.toString() }}/remove" method="post">
			
 
				-                    <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                    <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                     <button type="submit" class="btn btn-block btn-danger">削除する</button>
			
 
				                   </form>
			
 
				                   {% endif  %}
			
 
				                   {% if sUser.status == 5 %}
			
 
				                   {# label は同じだけど、こっちは物理削除 #}
			
 
				                   <form action="/admin/user/{{ sUser._id.toString() }}/removeCompletely" method="post">
			
 
				-                    <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                    <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                     <button type="submit" class="btn btn-block btn-danger">削除する</button>
			
 
				                   </form>
			
 
				                   {% endif  %}
			
@@ -167,7 +167,7 @@
 
				                     {% if sUser.admin %}
			
 
				                       {% if sUser.username != user.username %}
			
 
				                       <form action="/admin/user/{{ sUser._id.toString() }}/removeFromAdmin" method="post">
			
 
				-                        <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                        <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                         <button type="submit" class="btn btn-block btn-danger">管理者からはずす</button>
			
 
				                       </form>
			
 
				                       {% else %}
			
@@ -175,7 +175,7 @@
 
				                       {% endif %}
			
 
				                     {% else %}
			
 
				                       <form action="/admin/user/{{ sUser._id.toString() }}/makeAdmin" method="post">
			
 
				-                        <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+                        <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				                         <button type="submit" class="btn btn-block btn-primary">管理者にする</button>
			
 
				                       </form>
			
 
				                     {% endif %}
			
--- a/lib/views/installer.html
+++ b/lib/views/installer.html
@@ -65,7 +65,7 @@
 
				       パスワードは6文字以上の半角英数字または記号
			
 
				       </p>
			
 
				 
			
 
				-      <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+      <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       <input type="submit" class="btn btn-primary btn-lg btn-block" value="作成">
			
 
				     </form>
			
 
				 
			
--- a/lib/views/invited.html
+++ b/lib/views/invited.html
@@ -80,7 +80,7 @@
 
				       パスワードは6文字以上の半角英数字または記号
			
 
				       </p>
			
 
				 
			
 
				-      <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+      <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       <input type="submit" class="btn btn-primary btn-lg btn-block" value="登録を完了">
			
 
				     </form>
			
 
				 
			
--- a/lib/views/login.html
+++ b/lib/views/login.html
@@ -49,7 +49,7 @@
 
				         <input type="password" class="form-control" placeholder="Password" name="loginForm[password]">
			
 
				       </div>
			
 
				 
			
 
				-      <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+      <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       <input type="submit" class="btn btn-primary btn-lg btn-block" value="Login">
			
 
				     </form>
			
 
				 
			
@@ -61,7 +61,7 @@
 
				         <p>Google でログイン</p>
			
 
				         <form role="form" action="/login/google" method="get">
			
 
				           <button type="submit" class="btn btn-block btn-google"><i class="fa fa-google-plus-square"></i> Login</button>
			
 
				-          <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+          <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				         </form>
			
 
				       </div>
			
 
				       {% endif %}
			
@@ -164,7 +164,7 @@
 
				       {% if googleImage %}
			
 
				         <input type="hidden" name="registerForm[googleImage]" value="{{ googleImage }}">
			
 
				       {% endif  %}
			
 
				-      <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+      <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       <input type="submit" class="btn btn-primary btn-lg btn-block" value="新規登録">
			
 
				     </form>
			
 
				 
			
@@ -175,7 +175,7 @@
 
				       <div class="col-md-6">
			
 
				         <p>Google で登録</p>
			
 
				         <form role="form" method="post" action="/register/google">
			
 
				-          <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+          <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				           <button type="submit" class="btn btn-block btn-google"><i class="fa fa-google-plus-square"></i> Login</button>
			
 
				         </form>
			
 
				       </div>
			
--- a/lib/views/modal/delete.html
+++ b/lib/views/modal/delete.html
@@ -19,7 +19,7 @@
 
				         </div>
			
 
				         <div class="modal-footer">
			
 
				           <p><small class="pull-left" id="delete-errors"></small></p>
			
 
				-          <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+          <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				           <input type="hidden" name="path" value="{{ page.path }}">
			
 
				           <input type="hidden" name="page_id" value="{{ page._id.toString() }}">
			
 
				           <input type="hidden" name="revision_id" value="{{ page.revision._id.toString() }}">
			
--- a/lib/views/modal/rename.html
+++ b/lib/views/modal/rename.html
@@ -40,7 +40,7 @@
 
				         </div>
			
 
				         <div class="modal-footer">
			
 
				           <p><small class="pull-left" id="newPageNameCheck"></small></p>
			
 
				-          <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+          <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				           <input type="hidden" name="path" value="{{ page.path }}">
			
 
				           <input type="hidden" name="page_id" value="{{ page._id.toString() }}">
			
 
				           <input type="hidden" name="revision_id" value="{{ page.revision._id.toString() }}">
			
--- a/lib/views/modal/unportalize.html
+++ b/lib/views/modal/unportalize.html
@@ -33,7 +33,7 @@
 
				         </div>
			
 
				         <div class="modal-footer">
			
 
				           <p><small class="pull-left" id="newPageNameCheck"></small></p>
			
 
				-          <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+          <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				           <input type="hidden" name="path" value="{{ page.path }}">
			
 
				           <input type="hidden" class="form-control" name="new_path" id="newPageName" value="{{ unportalizedPath }}">
			
 
				           <input type="hidden" name="page_id" value="{{ page._id.toString() }}">
			
--- a/lib/views/page.html
+++ b/lib/views/page.html
@@ -14,14 +14,14 @@
 
				 
			
 
				 
			
 
				     {% if page %}
			
 
				-    <a href="#" title="Bookmark" class="bookmark-link" id="bookmark-button" data-csrftoken="{{ _csrf() }}" data-bookmarked="0"><i class="fa fa-star-o"></i></a>
			
 
				+    <a href="#" title="Bookmark" class="bookmark-link" id="bookmark-button" data-csrftoken="{{ csrf() }}" data-bookmarked="0"><i class="fa fa-star-o"></i></a>
			
 
				     {% endif %}
			
 
				     <h1 class="title" id="revision-path">{{ path|insertSpaceToEachSlashes }}</h1>
			
 
				   </header>
			
 
				   {% else %}
			
 
				   {# trash/* #}
			
 
				   <header id="page-header">
			
 
				-    <a href="#" title="Bookmark" class="bookmark-link" id="bookmark-button" data-csrftoken="{{ _csrf() }}" data-bookmarked="0"><i class="fa fa-star-o"></i></a>
			
 
				+    <a href="#" title="Bookmark" class="bookmark-link" id="bookmark-button" data-csrftoken="{{ csrf() }}" data-bookmarked="0"><i class="fa fa-star-o"></i></a>
			
 
				     <h1 class="title">{{ path|insertSpaceToEachSlashes }}</h1>
			
 
				   </header>
			
 
				   {% endif %}
			
@@ -66,7 +66,7 @@
 
				   {% if page.isDeleted() %}
			
 
				   <div class="alert alert-danger">
			
 
				     <form role="form" class="pull-right" id="revert-delete-page-form" onsubmit="return false;">
			
 
				-      <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+      <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				       <input type="hidden" name="path" value="{{ page.path }}">
			
 
				       <input type="hidden" name="page_id" value="{{ page._id.toString() }}">
			
 
				       <input type="submit" class="btn btn-danger btn-inverse btn-sm" value="Put Back!">
			
--- a/lib/views/page_list.html
+++ b/lib/views/page_list.html
@@ -15,7 +15,7 @@
 
				 <div class="header-wrap">
			
 
				   <header class="portal-header {% if page %}has-page{% endif %}">
			
 
				     {% if page %}
			
 
				-      <a href="#" title="Bookmark" class="bookmark-link" id="bookmark-button" data-csrftoken="{{ _csrf() }}" data-bookmarked="0"><i class="fa fa-star-o"></i></a>
			
 
				+      <a href="#" title="Bookmark" class="bookmark-link" id="bookmark-button" data-csrftoken="{{ csrf() }}" data-bookmarked="0"><i class="fa fa-star-o"></i></a>
			
 
				 
			
 
				     {% endif %}
			
 
				     <h1 class="title">
			
--- a/lib/views/widget/page_side_content.html
+++ b/lib/views/widget/page_side_content.html
@@ -19,7 +19,7 @@
 
				           <textarea class="comment-form-comment form-control" id="comment-form-comment" name="commentForm[comment]"></textarea>
			
 
				         </div>
			
 
				         <div class="comment-submit">
			
 
				-          <input type="hidden" name="_csrf" value="{{ _csrf() }}">
			
 
				+          <input type="hidden" name="_csrf" value="{{ csrf() }}">
			
 
				           <input type="hidden" name="commentForm[page_id]" value="{{ page._id.toString() }}">
			
 
				           <input type="hidden" name="commentForm[revision_id]" value="{{ revision._id.toString() }}">
			
 
				           <span class="text-danger" id="comment-form-message"></span>
			
--- a/lib/views/widget/page_side_header.html
+++ b/lib/views/widget/page_side_header.html
@@ -33,7 +33,7 @@
 
				         <p class="liker-count">
			
 
				         <span id="like-count">{{ page.liker.length }}</span>
			
 
				         <button
			
 
				-          data-csrftoken="{{ _csrf() }}"
			
 
				+          data-csrftoken="{{ csrf() }}"
			
 
				           data-liked="{% if page.isLiked(user) %}1{% else %}0{% endif %}"
			
 
				           class="btn btn-default btn-sm {% if page.isLiked(user) %}active{% endif %}"
			
 
				           id="like-button"><i class="fa fa-thumbs-o-up"></i> いいね！</button>