From c323c856f81c9e637d2dd418ed2a038e4e370dd1 Mon Sep 17 00:00:00 2001
From: Andreas <andreasv@fsmpi.rwth-aachen.de>
Date: Thu, 13 Oct 2016 22:25:45 +0200
Subject: [PATCH] fixed #98, fixed #107

---
 templates/course.html  | 2 +-
 templates/courses.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/course.html b/templates/course.html
index 154fc2c..eed96bb 100644
--- a/templates/course.html
+++ b/templates/course.html
@@ -51,7 +51,7 @@
 </div>
 <div class="panel panel-default">
 	<div class="panel-heading">
-		<h1 class="panel-title">Videos{% if ismod() %} <a class="btn btn-default" style="margin-right: 5px;" href="{{ url_for('create', table='lectures', time=datetime.now(), title='Noch kein Titel', visible='0', course_id=course.id, ref=request.url) }}">Neuer Termin</a><a class="btn btn-default" style="margin-right: 5px;" href="{{url_for('import_from', id=course['id'])}}">Campus Import</a>{% endif %} <a class="fa fa-rss-square pull-right" aria-hidden="true" href="{{url_for('feed', handle=course.handle)}}"></a> </h1>
+		<h1 class="panel-title">Videos{% if ismod() %} <a class="btn btn-default" style="margin-right: 5px;" href="{{ url_for('create', table='lectures', time=datetime.now(), title='Noch kein Titel', visible='0', course_id=course.id, ref=request.url, _csrf_token=session['_csrf_token']) }}">Neuer Termin</a><a class="btn btn-default" style="margin-right: 5px;" href="{{url_for('import_from', id=course['id'])}}">Campus Import</a>{% endif %} <a class="fa fa-rss-square pull-right" aria-hidden="true" href="{{url_for('feed', handle=course.handle)}}"></a> </h1>
 	</div>
 	<ul class="list-group lectureslist">
 		{% for l in lectures %}
diff --git a/templates/courses.html b/templates/courses.html
index 7a1cf91..508cd6d 100644
--- a/templates/courses.html
+++ b/templates/courses.html
@@ -9,7 +9,7 @@
 			</li>
 			{% if ismod() %} 
 			<li>
-				<a class="btn btn-default" href="{{ url_for('create', table='courses', handle='new'+(randint(0,1000)|string), title='Neue Veranstaltung', responsible=session.user.givenName, ref=request.url) }}">Neue Veranstaltung</a>
+				<a class="btn btn-default" href="{{ url_for('create', table='courses', handle='new'+(randint(0,1000)|string), title='Neue Veranstaltung', responsible=session.user.givenName, ref=request.url, _csrf_token=session['_csrf_token']) }}">Neue Veranstaltung</a>
 			</li>
 			{% endif %}
 			<li class="dropdown" style="padding-right: 0px">
-- 
GitLab