From f4f5771ff6c542d86fc06b0e32c972ef6e54b37a Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de>
Date: Fri, 16 Mar 2018 11:44:54 +0100
Subject: [PATCH] Add csrf_token to delete_protocol links

---
 templates/protocol-show.html | 2 +-
 views/tables.py              | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/protocol-show.html b/templates/protocol-show.html
index ba615a8..b5546fe 100644
--- a/templates/protocol-show.html
+++ b/templates/protocol-show.html
@@ -51,7 +51,7 @@
                 {% endif %}
                 {% if has_admin_right %}
             <a class="btn btn-default" href="{{url_for("recompile_protocol", protocol_id=protocol.id, csrf_token=get_csrf_token())}}">Neu kompilieren</a>
-            <a class="btn btn-danger" href="{{url_for("delete_protocol", protocol_id=protocol.id)}}" onclick="return confirm('Bist du dir sicher, dass du das Protokoll {{protocol.get_short_identifier()}} löschen möchtest?');">Löschen</a>
+            <a class="btn btn-danger" href="{{url_for("delete_protocol", protocol_id=protocol.id, csrf_token=get_csrf_token())}}" onclick="return confirm('Bist du dir sicher, dass du das Protokoll {{protocol.get_short_identifier()}} löschen möchtest?');">Löschen</a>
                 {% endif %}
             {% endif %}
         </div>
diff --git a/views/tables.py b/views/tables.py
index e3f60f5..7c75dd1 100644
--- a/views/tables.py
+++ b/views/tables.py
@@ -144,7 +144,9 @@ class ProtocolsTable(Table):
 
         if protocol.protocoltype.has_admin_right(user):
             buttons.append(Table.button(
-                url_for("delete_protocol", protocol_id=protocol.id),
+                url_for(
+                    "delete_protocol", protocol_id=protocol.id,
+                    csrf_token=get_csrf_token()),
                 icon="trash",
                 style="danger",
                 confirm="Bist du dir sicher, dass du das Protokoll {} "
-- 
GitLab