forked from OpenNeo/impress
impress/app/views/outfits/new.html.haml
Matchu 5cec28e29b fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field,
unique to each visitor. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00

105 lines
3.4 KiB
Text

- hide_home_link
= campaign_progress
#outfit-forms
  - cache :action_suffix => 'outfit_forms_intro' do
    #pet-preview
      = image_tag 'default_preview.png', :alt => ''
      %span
    %h1 Dress to Impress
    %h2 Neopets wearables made easy!
  = form_tag load_pet_path, :id => 'load-pet-to-wardrobe' do
    - cache :action_suffix => 'main_load_pet_form_content' do
      = origin_tag root_path
      = destination_tag 'wardrobe'
      %fieldset
        %legend Enter your pet's name
        = pet_name_tag :id => 'main-pet-name'
        %button{:type => "submit"}
          Plan my outfit!
  = form_tag wardrobe_path, :method => 'get', :id => 'start-from-scratch' do
    - cache :action_suffix => 'start_from_scratch_form_content' do
      %fieldset
        %legend Or start from scratch
        = pet_attribute_select 'color', @colors, 8
        = pet_attribute_select 'species', @species
        %input{:type => "submit", :value => "Go"}
%ul#sections
  - cache :action_suffix => 'your_items_module' do
    %li#your-items-module
      = link_to image_tag('your_items.png'), your_items_path
      %h3
        = link_to 'Your Items', your_items_path
      %div
        %h4 Track and trade!
        %p
          Make lists of the items you own and want, and share them with the
          world.
        = form_tag users_path, :method => 'get' do
          = text_field_tag 'name', '', :placeholder => raw('find a user…'), :type => 'search'
          = submit_tag 'search'
  - cache :action_suffix => 'infinite_closet_module' do
    %li
      %a{:href => items_path}
        = image_tag 'items.png'
      %h3
        %a{:href => items_path}
          Infinite Closet
      %div
        %h4 Looking for something?
        %p
          Take a look through our wearables database!
        = form_tag items_path, :method => 'get' do
          = text_field_tag 'q', '', :placeholder => raw('find an item…'), :type => 'search'
          = submit_tag 'search'
  %li
    %a{:href => bulk_pets_path}
      = image_tag 'http://images.neopets.com/items/mall_ac_garland_spotlight.gif'
    %h3
      %a{:href => bulk_pets_path}
        Modeling Hub
    %div
      %h4 Found something?
      %p
        Enter a pet's name here and we'll keep a copy of what it's wearing.
        Thanks so much!
      = form_tag load_pet_path do
        = origin_tag root_path
        = pet_name_tag :placeholder => raw('model a pet…')
        = submit_tag 'submit'
#latest-contribution
  = link_to 'Contributions:', contributions_path, :id => 'recent-contributions-link'
  = link_to @latest_contribution.user.name, user_contributions_path(@latest_contribution.user)
  showed us
  = succeed '.' do
    = contributed_description @latest_contribution.contributed, false
  Thanks,
  = succeed '!' do
    = link_to @latest_contribution.user.name, user_contributions_path(@latest_contribution.user)
  %span#latest-contribution-created-at{:title => @latest_contribution.created_at.to_s}
    #{time_ago_in_words @latest_contribution.created_at} ago
- cache :action_suffix => 'whats_new' do
  #whats-new
    #blog-preview
      %h2
      %div
      %a#blog-preview-linkback{:href => 'http://blog.openneo.net/'} OpenNeo Blog
    #newest-items
      %h2 New Items
      %ul
        - @newest_items.each do |item|
          = link_to image_tag(item.thumbnail_url), item
- content_for :javascripts do
  = include_javascript_libraries :jquery
  = include_javascripts :new_outfit_package
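
The failure described in the commit message, and the layout this template uses to avoid it, can be reproduced without Rails. The following is an added example, not code from this repository: `Session`, `FRAGMENTS`, `cache_fragment`, `submit` and the render helpers are hypothetical stand-ins for the session store, the fragment cache and the CSRF check.

```ruby
require 'securerandom'

# Toy stand-ins (assumptions, not Rails internals): a session holds a
# per-visitor CSRF token, and FRAGMENTS plays the role of the fragment cache.
Session = Struct.new(:user, :csrf_token)
FRAGMENTS = {}

def new_session(user)
  Session.new(user, SecureRandom.hex(16))
end

def cache_fragment(key)
  FRAGMENTS[key] ||= yield
end

def token_field(session)
  %(<input type="hidden" name="authenticity_token" value="#{session.csrf_token}">)
end

# Before: the whole form, token field included, is stored in the shared cache.
def render_cached_form(session)
  cache_fragment('whole_form') { "<form>#{token_field(session)}<input name=\"name\"></form>" }
end

# After: the form and its token are rendered on every request; only the
# token-free inner content comes from the cache.
def render_form_with_cached_content(session)
  inner = cache_fragment('form_content') { '<input name="name">' }
  "<form>#{token_field(session)}#{inner}</form>"
end

# Server-side check (plain == keeps the toy short; use a constant-time compare in real code).
def submit(session, html)
  submitted = html[/name="authenticity_token" value="(\h+)"/, 1]
  return :ok if submitted == session.csrf_token
  session.user = nil # the logout the commit message describes
  :logged_out
end

def demo
  FRAGMENTS.clear
  alice, bob = new_session('alice'), new_session('bob')
  before = [submit(alice, render_cached_form(alice)), submit(bob, render_cached_form(bob))]
  carol, dave = new_session('carol'), new_session('dave')
  after = [carol, dave].map { |s| submit(s, render_form_with_cached_content(s)) }
  { before: before, after: after }
end

p demo
```

The first visitor to populate the cache passes the check; every later visitor is served that visitor's token and is logged out, while the second layout gives each visitor their own token and still reuses the cached inner markup.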