diff --git a/app/__init__.py b/app/__init__.py
index 8e989c4..11d7cca 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -3,14 +3,18 @@ from flask_user import *
import flask_menu as menu
from flask.ext import markdown
from flask_github import GitHub
+from flask_wtf.csrf import CsrfProtect
import os
+
+
app = Flask(__name__)
app.config.from_pyfile(os.environ["FLASK_CONFIG"])
menu.Menu(app=app)
markdown.Markdown(app, extensions=["fenced_code"], safe_mode=True, output_format="html5")
github = GitHub(app)
+csrf = CsrfProtect(app)
from . import models, tasks
from .views import *
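Review bot: The new `csrf = CsrfProtect(app)` line carries no comment saying that it turns on token checks for every form-submitting view in the application, which is the reason `@csrf.exempt` later appears in app/views/tasks.py. I would add `# Global CSRF protection; a view opts out only via @csrf.exempt, which should stay rare` directly above it. Forms written by hand in templates then have to emit the token themselves. The added markup in the two template hunks is not visible on this page, so it is worth confirming that each new form includes a `csrf_token` field.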
diff --git a/app/templates/packages/editrequest_view.html b/app/templates/packages/editrequest_view.html
index ce8f70e..95d4674 100644
--- a/app/templates/packages/editrequest_view.html
+++ b/app/templates/packages/editrequest_view.html
@@ -29,9 +29,14 @@
{% elif package.checkPerm(current_user, "APPROVE_CHANGES") %}
{% endif %}
diff --git a/app/templates/packages/view.html b/app/templates/packages/view.html
index ecd6b35..47d74ea 100644
--- a/app/templates/packages/view.html
+++ b/app/templates/packages/view.html
@@ -10,7 +10,10 @@
This package needs to be approved before it can be found.
{% if package.checkPerm(current_user, "APPROVE_NEW") %}
- Approve
+
{% endif %}
diff --git a/app/views/packages.py b/app/views/packages.py
index a732d04..66cf354 100644
--- a/app/views/packages.py
+++ b/app/views/packages.py
@@ -172,7 +172,7 @@ def create_edit_package_page(author=None, name=None):
return render_template("packages/create_edit.html", package=package, form=form, author=author)
-@app.route("/packages///approve/")
+@app.route("/packages///approve/", methods=["POST"])
@login_required
@is_package_page
def approve_package_page(package):
@@ -314,7 +314,7 @@ def view_editrequest_page(package, id):
return render_template("packages/editrequest_view.html", package=package, request=erequest)
-@app.route("/packages///requests//approve/")
+@app.route("/packages///requests//approve/", methods=["POST"])
@is_package_page
def approve_editrequest_page(package, id):
if not package.checkPerm(current_user, Permission.APPROVE_CHANGES):
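Review bot: `approve_editrequest_page` is decorated with only `@app.route` and `@is_package_page`, whereas `approve_package_page` in the previous hunk also has `@login_required`; the same gap shows on `reject_editrequest_page` in the next hunk. The `package.checkPerm(current_user, Permission.APPROVE_CHANGES)` guard may well reject anonymous users, but that depends on how `checkPerm` treats an unauthenticated `current_user`, which is not shown here. Adding `@login_required` between the route and `@is_package_page` on both views makes the authentication requirement explicit and consistent with the approve-package view. Both function bodies continue outside their hunks.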
@@ -339,7 +339,7 @@ def approve_editrequest_page(package, id):
return redirect(package.getDetailsURL())
-@app.route("/packages///requests//reject/")
+@app.route("/packages///requests//reject/", methods=["POST"])
@is_package_page
def reject_editrequest_page(package, id):
if not package.checkPerm(current_user, Permission.APPROVE_CHANGES):
diff --git a/app/views/tasks.py b/app/views/tasks.py
index c5a508a..9b27f61 100644
--- a/app/views/tasks.py
+++ b/app/views/tasks.py
@@ -1,7 +1,7 @@
from flask import *
from flask_user import *
from flask.ext import menu
-from app import app
+from app import app, csrf
from app.models import *
from app.tasks import celery
from app.tasks.importtasks import getMeta
@@ -10,6 +10,7 @@ from .utils import shouldReturnJson
from .utils import *
+@csrf.exempt
@app.route("/tasks/getmeta/new/", methods=["POST"])
@login_required
def new_getmeta_page():
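Review bot: `@csrf.exempt` on `new_getmeta_page` removes CSRF protection from an authenticated, POST-only endpoint, so another site could submit this request on behalf of a logged-in user. If the exemption exists because the route is called from JavaScript, Flask-WTF also accepts the token in an `X-CSRFToken` request header, so the client can send that and the decorator can be dropped. If the exemption has to stay, a comment such as `# exempt because <reason>; handler must not change state on behalf of the user` would record why it is safe. The function body lies outside the hunk, so what the handler does with the request is not visible here.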