# HG changeset patch
# User Brian Neal <bgneal@gmail.com>
# Date 1270324856 0
# Node ID 6a5549c2efb51acf41139fb464470cc724b66ac8
# Parent  fa7d82bfb100f162efc6635d198354b1e85cbd82
Implement #62, add support for CSRF protection.

diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/settings.py
--- a/gpp/settings.py	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/settings.py	Sat Apr 03 20:00:56 2010 +0000
@@ -76,6 +76,7 @@
 if DEBUG:
     MIDDLEWARE_CLASSES = (
         'django.middleware.common.CommonMiddleware',
+        'django.middleware.csrf.CsrfViewMiddleware',
         'django.contrib.sessions.middleware.SessionMiddleware',
         'django.contrib.messages.middleware.MessageMiddleware',
         'debug_toolbar.middleware.DebugToolbarMiddleware',
@@ -86,6 +87,7 @@
 else:
     MIDDLEWARE_CLASSES = (
         'django.middleware.common.CommonMiddleware',
+        'django.middleware.csrf.CsrfViewMiddleware',
         'django.contrib.sessions.middleware.SessionMiddleware',
         'django.contrib.messages.middleware.MessageMiddleware',
         'django.contrib.auth.middleware.AuthenticationMiddleware',
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/accounts/login.html
--- a/gpp/templates/accounts/login.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/accounts/login.html	Sat Apr 03 20:00:56 2010 +0000
@@ -3,13 +3,12 @@
 {% block content %}
 <h2>Login</h2>
 
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <table>
 {{ form.as_table }}
 <tr><td>&nbsp;</td><td><input type="submit" value="Login" /></td></tr>
 </table>
 <input type="hidden" name="next" value="{{ next }}" />
-{% csrf_token %}
 </form>
 
 <ul>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/accounts/password_change.html
--- a/gpp/templates/accounts/password_change.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/accounts/password_change.html	Sat Apr 03 20:00:56 2010 +0000
@@ -2,7 +2,7 @@
 {% block title %}Change Password{% endblock %}
 {% block content %}
 <h2>Change Password</h2>
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <table>
 {{ form.as_table }}
 <tr><td>&nbsp;</td><td><input type="submit" value="Change Password" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/accounts/password_reset.html
--- a/gpp/templates/accounts/password_reset.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/accounts/password_reset.html	Sat Apr 03 20:00:56 2010 +0000
@@ -5,7 +5,7 @@
 <p>Forgot your password? No problem. Just enter your email address and we will
 email you instructions on how to reset it. 
 </p>
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <table>
 {{ form.as_table }}
 <tr><td>&nbsp;</td><td><input type="submit" value="Reset Password" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/accounts/password_reset_confirm.html
--- a/gpp/templates/accounts/password_reset_confirm.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/accounts/password_reset_confirm.html	Sat Apr 03 20:00:56 2010 +0000
@@ -6,7 +6,7 @@
 <p>
 Please use the following form to reset your password.
 </p>
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <table>
 {{ form.as_table }}
 <tr><td>&nbsp;</td><td><input type="submit" value="Reset Password" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/accounts/register.html
--- a/gpp/templates/accounts/register.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/accounts/register.html	Sat Apr 03 20:00:56 2010 +0000
@@ -13,7 +13,7 @@
    <li>You must agree to our <a href="/policy/tos/" target="_blank">Terms of Service</a>.</li>
    <li>You must agree to our <a href="/policy/privacy/" target="_blank">Privacy Policy</a>.</li>
 </ul>
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <table>
    {{ form.as_table }}
    <tr><td>&nbsp;</td><td><input type="submit" value="Register" /></td></tr>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/bio/avatar.html
--- a/gpp/templates/bio/avatar.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/bio/avatar.html	Sat Apr 03 20:00:56 2010 +0000
@@ -15,7 +15,7 @@
    this it will be scaled down to 100 x 100 pixels. For best results, please ensure your
    image is square.
    </p>
-   <form enctype="multipart/form-data" method="POST" action=".">
+   <form enctype="multipart/form-data" method="POST" action=".">{% csrf_token %}
       {{ form.as_p }}
       <input type="submit" value="Update Avatar" />
       &nbsp;<a href="{% url bio-me %}">Cancel</a>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/bio/edit_elsewhere.html
--- a/gpp/templates/bio/edit_elsewhere.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/bio/edit_elsewhere.html	Sat Apr 03 20:00:56 2010 +0000
@@ -9,7 +9,7 @@
         <li>
         <img src="{{ MEDIA_URL }}elsewhere/{{ profile.icon_name }}" alt="{{ profile.name }}" />
             <a href="{{ profile.url }}" rel="me">{{ profile.name }}</a>
-            <form id="delete-network-{{ profile.id }}" method="post" action=".">
+            <form id="delete-network-{{ profile.id }}" method="post" action=".">{% csrf_token %}
                 <input type="hidden" name="delete_id" value="{{ profile.id }}" />
                 <input type="submit" name="delete-sn-form" value="Delete" class="button" />
             </form>
@@ -20,7 +20,7 @@
     <p>No social network profiles.</p>
 {% endif %}
 
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <fieldset>
 <legend>Add a Social Network</legend>
     {{ sn_form.as_p }}
@@ -38,7 +38,7 @@
         <li>
         <img src="{{ MEDIA_URL }}elsewhere/{{ profile.icon_name }}" alt="{{ profile.name }}" />
             {{ profile.name }}: <a href="{{ profile.url }}">{{ profile.username }}</a>
-            <form id="delete-messenger-{{ profile.id }}" method="post" action=".">
+            <form id="delete-messenger-{{ profile.id }}" method="post" action=".">{% csrf_token %}
                 <input type="hidden" name="delete_id" value="{{ profile.id }}" />
                 <input type="submit" name="delete-im-form" value="Delete" class="button" />
             </form>
@@ -49,7 +49,7 @@
     <p>No instant messenger profiles.</p>
 {% endif %}
 
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <fieldset>
 <legend>Add an Instant Messenger</legend>
     {{ im_form.as_p }}
@@ -64,7 +64,7 @@
         <li>
            <img src="{{ MEDIA_URL }}icons/world.png" alt="{{ profile.name }}" />
             <a href="{{ profile.url }}" rel="me">{{ profile.name }}</a>
-            <form id="delete-website-{{ profile.id }}" method="post" action=".">
+            <form id="delete-website-{{ profile.id }}" method="post" action=".">{% csrf_token %}
                 <input type="hidden" name="delete_id" value="{{ profile.id }}" />
                 <input type="submit" name="delete-w-form" value="Delete" class="button" />
             </form>
@@ -75,7 +75,7 @@
     <p>No website profiles.</p>
 {% endif %}
 
-<form method="post" action=".">
+<form method="post" action=".">{% csrf_token %}
 <fieldset>
 <legend>Add a Website</legend>
     {{ w_form.as_p }}
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/bio/edit_profile.html
--- a/gpp/templates/bio/edit_profile.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/bio/edit_profile.html	Sat Apr 03 20:00:56 2010 +0000
@@ -8,7 +8,7 @@
 {% block content %}
 <div class="user_profile">
 <h2>Edit Profile for {{ user.username }}</h2>
-<form action="{% url bio-edit_profile %}" method="post">
+<form action="{% url bio-edit_profile %}" method="post">{% csrf_token %}
 <table>
    <tr>
       <td>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/bio/member_search.html
--- a/gpp/templates/bio/member_search.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/bio/member_search.html	Sat Apr 03 20:00:56 2010 +0000
@@ -6,7 +6,7 @@
 {% block content %}
 <h2>Member Search</h2>
 <p>Looking for a member? Start typing a username in the form below.</p>
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <fieldset>
 <legend>Member Search</legend>
    {{ form.as_p }}
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/comments/comment_form.html
--- a/gpp/templates/comments/comment_form.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/comments/comment_form.html	Sat Apr 03 20:00:56 2010 +0000
@@ -1,6 +1,6 @@
 {% load core_tags %}
 {% if user.is_authenticated %}
-<form action="{% url comments-post %}" method="post" id="comment-form">
+<form action="{% url comments-post %}" method="post" id="comment-form">{% csrf_token %}
 {{ form.as_p }}
 {% comment_dialogs %}
 <input type="submit" name="post" value="Post Comment" id="comment-form-post"/>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/contact/contact_form.html
--- a/gpp/templates/contact/contact_form.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/contact/contact_form.html	Sat Apr 03 20:00:56 2010 +0000
@@ -4,7 +4,7 @@
 <h2>Contact Us</h2>
 <p>Please use the following form to contact the site management. Your feedback and comments are very
 important to us.</p>
-<form action="{% url contact.views.contact_form %}" method="post">
+<form action="{% url contact.views.contact_form %}" method="post">{% csrf_token %}
 <table>
    <tr><th>{{ form.name.label }}:</th><td>{{ form.name.errors }}{{ form.name }}</td></tr>
    <tr><th>{{ form.email.label }}:</th><td>{{ form.email.errors }}{{ form.email }}</td></tr>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/downloads/add.html
--- a/gpp/templates/downloads/add.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/downloads/add.html	Sat Apr 03 20:00:56 2010 +0000
@@ -30,7 +30,7 @@
     <li>The file may be removed at any time at the discretion of the staff of SurfGuitar101.</li>
 </ol>
 
-<form action="." method="post" enctype="multipart/form-data" id="downloads-add">
+<form action="." method="post" enctype="multipart/form-data" id="downloads-add">{% csrf_token %}
 <fieldset>
 <legend>Upload Form</legend>
 <table>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/downloads/navigation.html
--- a/gpp/templates/downloads/navigation.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/downloads/navigation.html	Sat Apr 03 20:00:56 2010 +0000
@@ -1,7 +1,7 @@
 <div class="app-logo">
 <img src="{{ MEDIA_URL }}icons/downloads-logo.jpg" alt="Downloads Logo" title="Downloads" />
 </div>
-<form id="downloads-search" action="{% url downloads-search page=1 %}" method="post">
+<form id="downloads-search" action="{% url downloads-search page=1 %}" method="post">{% csrf_token %}
     <p>{{ search_form.text }} <input type="submit" value="Search" /></p>
 </form>
 <ul class="app-menu">
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/forums/forum_index.html
--- a/gpp/templates/forums/forum_index.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/forums/forum_index.html	Sat Apr 03 20:00:56 2010 +0000
@@ -12,7 +12,7 @@
 <div class="forum-block">
 {% if user.is_authenticated %}
 <a href="{% url forums-new_topic slug=forum.slug %}">New Topic</a> &bull;
-<form action="{% url forums-catchup slug=forum.slug %}" method="post" style="display:inline">
+<form action="{% url forums-catchup slug=forum.slug %}" method="post" style="display:inline">{% csrf_token %}
    <input type="submit" value="Mark All Topics Read" />
 </form>
 {% endif %}
@@ -56,7 +56,7 @@
 {{ page_nav }}
 {% if user.is_authenticated %}
 <a href="{% url forums-new_topic slug=forum.slug %}">New Topic</a> &bull;
-<form action="{% url forums-catchup slug=forum.slug %}" method="post" style="display:inline">
+<form action="{% url forums-catchup slug=forum.slug %}" method="post" style="display:inline">{% csrf_token %}
    <input type="submit" value="Mark All Topics Read" />
 </form>
 {% endif %}
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/forums/manage_subscriptions.html
--- a/gpp/templates/forums/manage_subscriptions.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/forums/manage_subscriptions.html	Sat Apr 03 20:00:56 2010 +0000
@@ -8,7 +8,7 @@
 </h3>
 <p>The forum topics you are currently subscribed to are listed below.</p>
 {% include 'forums/pagination.html' %}
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <table class="forum-topic-table">
    <thead>
       <tr>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/forums/mod_forum.html
--- a/gpp/templates/forums/mod_forum.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/forums/mod_forum.html	Sat Apr 03 20:00:56 2010 +0000
@@ -14,7 +14,7 @@
 
 <div class="forum-block">
 {{ page_nav }}
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <table class="forum-index-table">
    <thead>
       <tr>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/forums/mod_split_topic.html
--- a/gpp/templates/forums/mod_split_topic.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/forums/mod_split_topic.html	Sat Apr 03 20:00:56 2010 +0000
@@ -16,7 +16,7 @@
    split to the new topic ("Split Selected Posts"), or by selecting a post such that all posts
    at or below the selection get split ("Split At Selected Post").
    <p>
-   <form action="." method="post">
+   <form action="." method="post">{% csrf_token %}
    <table>
    {{ form.as_table }}
    <tr><td>&nbsp;</td><td>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/forums/move_topic.html
--- a/gpp/templates/forums/move_topic.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/forums/move_topic.html	Sat Apr 03 20:00:56 2010 +0000
@@ -10,7 +10,7 @@
 </h3>
 
 <div class="forum-block">
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <fieldset>
 <legend>Move Topic: {{ topic.name }}</legend>
    {{ form.as_p }}
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/forums/show_form.html
--- a/gpp/templates/forums/show_form.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/forums/show_form.html	Sat Apr 03 20:00:56 2010 +0000
@@ -1,5 +1,5 @@
 {% load core_tags %}
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <fieldset>
 <legend>{{ legend_text }}</legend>
 {{ form.as_p }}
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/forums/topic.html
--- a/gpp/templates/forums/topic.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/forums/topic.html	Sat Apr 03 20:00:56 2010 +0000
@@ -37,13 +37,13 @@
 {{ page_nav }}
 {% if can_moderate %}
 <div class="forum-mod-controls">
-   <form action="{% url forums-mod_topic_stick topic.id %}" method="post">
+   <form action="{% url forums-mod_topic_stick topic.id %}" method="post">{% csrf_token %}
       <input type="submit" value="{% if topic.sticky %}Unstick{% else %}Stick{% endif %} Topic" />
    </form>
-   <form action="{% url forums-mod_topic_lock topic.id %}" method="post">
+   <form action="{% url forums-mod_topic_lock topic.id %}" method="post">{% csrf_token %}
       <input type="submit" value="{% if topic.locked %}Unlock{% else %}Lock{% endif %} Topic" />
    </form>
-   <form action="{% url forums-mod_topic_delete topic.id %}" method="post">
+   <form action="{% url forums-mod_topic_delete topic.id %}" method="post">{% csrf_token %}
       <input type="submit" value="Delete Topic" id="forum-mod-del-topic" />
    </form>
    <a href="{% url forums-mod_topic_move topic.id %}"><img src="{{ MEDIA_URL }}icons/application_go.png" alt="Move Topic" title="Move Topic" /></a>
@@ -59,7 +59,7 @@
 {% endif %}
 
 {% if user.is_authenticated %}
-<form action={% if is_subscribed %}"{% url forums-unsubscribe_topic topic.id %}"{% else %}"{% url forums-subscribe_topic topic.id %}"{% endif %} method="post">
+<form action={% if is_subscribed %}"{% url forums-unsubscribe_topic topic.id %}"{% else %}"{% url forums-subscribe_topic topic.id %}"{% endif %} method="post">{% csrf_token %}
 <fieldset>
    <legend>Subscription Options</legend>
    <p>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/gcalendar/event.html
--- a/gpp/templates/gcalendar/event.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/gcalendar/event.html	Sat Apr 03 20:00:56 2010 +0000
@@ -16,7 +16,7 @@
    <li>Once submitted, your event will be reviewed by the site staff for approval. Normally it will appear on
    the calendar within 24 hours.</li>
 </ul>
-<form id="id_gcal_event_form" action="." method="post">
+<form id="id_gcal_event_form" action="." method="post">{% csrf_token %}
 <table>
 {% if form.non_field_errors %}
 <tr><td>&nbsp;</td><td>{{ form.non_field_errors }}</td></tr>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/gcalendar/google_sync.html
--- a/gpp/templates/gcalendar/google_sync.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/gcalendar/google_sync.html	Sat Apr 03 20:00:56 2010 +0000
@@ -25,7 +25,7 @@
 {% endif %}
 {% endfor %}
 </ol>
-<form action="." method="POST">
+<form action="." method="POST">{% csrf_token %}
    {{ form.as_p }}
    <p><input type="submit" name="submit" value="Submit" /></p>
 </form>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/membermap/index.html
--- a/gpp/templates/membermap/index.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/membermap/index.html	Sat Apr 03 20:00:56 2010 +0000
@@ -50,7 +50,7 @@
             <li>Rome, Italy</li>
             <li>5018EA, Tilburg, Netherlands</li>
         </ul>
-        <form action="" method="post">
+        <form action="" method="post">{% csrf_token %}
             {{ form.as_p }}
             {% comment_dialogs %}
             <input type="submit" id="member_map_submit" name="submit" value="Submit" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/messages/compose.html
--- a/gpp/templates/messages/compose.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/messages/compose.html	Sat Apr 03 20:00:56 2010 +0000
@@ -7,7 +7,7 @@
 {% block compose-class %}class="active"{% endblock %}
 {% block messages_content %}
 <h3>Compose Message</h3>
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <table>
 {{ compose_form.as_table }}
 <tr>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/messages/options.html
--- a/gpp/templates/messages/options.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/messages/options.html	Sat Apr 03 20:00:56 2010 +0000
@@ -10,7 +10,7 @@
    {% endfor %}
 </ul>
 {% endif %}
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
 <table>
 {{ form.as_table }}
 <tr>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/messages/view.html
--- a/gpp/templates/messages/view.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/messages/view.html	Sat Apr 03 20:00:56 2010 +0000
@@ -21,13 +21,13 @@
 </div>
 {% endif %}
 {% if is_deleted %}
-<form action="{% url messages-undelete msg.id %}" method="post">
+<form action="{% url messages-undelete msg.id %}" method="post">{% csrf_token %}
    {% if box %}<input type="hidden" name="box" value="{{ box }}" />{% endif %}
    <input type="submit" value="Undelete" />
 </form>
 {% else %}
 <a href="{% url messages-reply msg.id %}{% if box %}?box={{ box }}{% endif %}">Reply</a> |
-<form action="{% url messages-delete msg.id %}" method="post" class="messages-button">
+<form action="{% url messages-delete msg.id %}" method="post" class="messages-button">{% csrf_token %}
    {% if box %}<input type="hidden" name="box" value="{{ box }}" />{% endif %}
    <input type="submit" value="Delete" />
 </form>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/news/base.html
--- a/gpp/templates/news/base.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/news/base.html	Sat Apr 03 20:00:56 2010 +0000
@@ -10,7 +10,7 @@
 <h2>SurfGuitar101 News &amp; Articles <a href="{% url feeds-news %}"><img src="{{ MEDIA_URL }}icons/feed.png" alt="News Feed" title="News Feed" /></a></h2>
 {% if search_form %}
 <div class="news-search">
-<form action="{% url news-search_page page=1 %}" method="post">
+<form action="{% url news-search_page page=1 %}" method="post">{% csrf_token %}
    <p>{{ search_form.text }} {{ search_form.category }} <input type="submit" value="Search" /></p>
 </form>
 </div>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/news/send_story.html
--- a/gpp/templates/news/send_story.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/news/send_story.html	Sat Apr 03 20:00:56 2010 +0000
@@ -9,7 +9,7 @@
       <li>Your name: {{ user.get_full_name }}</li>
       <li>Your email: {{ user.email }}</li>
    </ul>
-   <form action="." method="post">
+   <form action="." method="post">{% csrf_token %}
       <table>
          {{ send_form.as_table }}
          <tr><td>&nbsp;</td><td><input type="submit" value="Send" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/news/submit_news.html
--- a/gpp/templates/news/submit_news.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/news/submit_news.html	Sat Apr 03 20:00:56 2010 +0000
@@ -9,7 +9,7 @@
 {% block news_content %}
 <h3>Submit News</h3>
 {% if add_form %}
-   <form action="." method="post">
+   <form action="." method="post">{% csrf_token %}
       <table>
          {{ add_form.as_table }}
          <tr><td>&nbsp;</td><td><input type="submit" value="Submit" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/polls/poll_vote.html
--- a/gpp/templates/polls/poll_vote.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/polls/poll_vote.html	Sat Apr 03 20:00:56 2010 +0000
@@ -6,7 +6,7 @@
 {% block content %}
 <h2>Poll</h2>
 <h3>{{ poll.question }}</h3>
-<form action="." method="post">
+<form action="." method="post">{% csrf_token %}
    <div class="poll-form">
    {{ vote_form.as_p }}
    <input type="submit" value="Vote" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/shoutbox/shoutbox.html
--- a/gpp/templates/shoutbox/shoutbox.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/shoutbox/shoutbox.html	Sat Apr 03 20:00:56 2010 +0000
@@ -13,12 +13,12 @@
 <center><a href="{% url shoutbox-history page=1 %}">Shout History</a></center>
 {% if user.is_authenticated %}
 <center>
-<form action="{% url shoutbox-shout %}" method="post">
+<div>
    <input type="text" maxlength="2048" size="13" name="msg" value="" id="shoutbox-smiley-input" />
    <br />
    <input id="shoutbox-submit" type="submit" value="Shout" />
    <input id="shoutbox-smilies" type="button" value="Smilies" />
-</form>
+</div>
 <div id="shoutbox-smiley-frame" style="display:none;">
 <img id="shoutbox-busy-icon" src="{{ MEDIA_URL }}icons/ajax_busy.gif" alt="Please wait" />
 </div>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/weblinks/add_link.html
--- a/gpp/templates/weblinks/add_link.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/weblinks/add_link.html	Sat Apr 03 20:00:56 2010 +0000
@@ -3,7 +3,7 @@
 {% block weblinks_content %}
    <h3>Add Link</h3>
    {% if add_form %}
-   <form action="." method="post">
+   <form action="." method="post">{% csrf_token %}
    <table>
       {{ add_form.as_table }}
       <tr><td>&nbsp;</td><td><input type="submit" value="Add Link" />
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/weblinks/link.html
--- a/gpp/templates/weblinks/link.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/weblinks/link.html	Sat Apr 03 20:00:56 2010 +0000
@@ -3,7 +3,7 @@
 </dt>
 <dd>
 <p>{{ link.description }}</p>
-<form action="{% url weblinks-visit link.id %}" method="post">
+<form action="{% url weblinks-visit link.id %}" method="post">{% csrf_token %}
 <table class="link-stats">
    <tr>
       <th>Date Added:</th><td>{{ link.date_added|date:"M d, Y" }}</td>
diff -r fa7d82bfb100 -r 6a5549c2efb5 gpp/templates/weblinks/navigation.html
--- a/gpp/templates/weblinks/navigation.html	Sat Apr 03 02:15:04 2010 +0000
+++ b/gpp/templates/weblinks/navigation.html	Sat Apr 03 20:00:56 2010 +0000
@@ -2,7 +2,7 @@
 <img src="{{ MEDIA_URL }}icons/weblinks-logo.jpg" alt="Links Logo" title="Links" />
 </div>
 <div class="weblinks-search">
-<form action="{% url weblinks-search page=1 %}" method="post">
+<form action="{% url weblinks-search page=1 %}" method="post">{% csrf_token %}
    <p>{{ search_form.text }} <input type="submit" value="Search" /></p>
 </form>
 </div>
@@ -16,7 +16,7 @@
 {% endif %}
 </ul>
 <center>
-   <form action="{% url weblinks.views.random_link %}" method="post">
+   <form action="{% url weblinks.views.random_link %}" method="post">{% csrf_token %}
       <input type="submit" value="Visit a Random Link" />
    </form>
 </center>