forked from OpenNeo/impress
Matchu
5cec28e29b
Many forms on the site contain a hidden authenticity_token field, unique to each visitory. If a user submits a request with an invalid authenticity_token, Rails assumes that it's a CSRF attempt and logs out the user. So, if we happen to cache those forms with authenticity_token fields, all users who use that form will have the same authenticity_token (valid for only the first user who saw the form, invalid for everyone else), and all requests made through that form will log out the user. Bad news. So, we stopped caching those forms. Yay!
76 lines
2.1 KiB
Text
76 lines
2.1 KiB
Text
- title 'Modeling Hub'
|
|
|
|
= form_tag load_pet_path, :id => 'needed-items-form' do
|
|
- cache :action_suffix => 'needed_items_content' do
|
|
%h3 Looking for ways to contribute?
|
|
|
|
%p
|
|
Enter your pet's name below and we'll tell you what items you can help us
|
|
model. Thanks for your help!
|
|
|
|
= origin_tag bulk_pets_path
|
|
= destination_tag 'needed_items'
|
|
|
|
%input#needed-items-pet-name-field{:type => "text", :name => "name"}/
|
|
%input{:type => "submit", :value => "Submit"}/
|
|
|
|
#needed-items-alert.alert
|
|
|
|
#needed-items-pet.script-only
|
|
%h4
|
|
%img#needed-items-pet-thumbnail.inline-image
|
|
Items
|
|
%span#needed-items-pet-name
|
|
can model
|
|
|
|
%button#needed-items-reload Reload
|
|
|
|
%ul#needed-items-pet-items
|
|
|
|
= form_tag load_pet_path, :id => 'bulk-pets-form' do
|
|
- cache :action_suffix => 'bulk_pets_content' do
|
|
%h3 Model pets in bulk
|
|
|
|
%p
|
|
Got a lot of pets to model? Just keep typing them into the box below, or
|
|
even paste in a whole list of names, one name per line. Thanks for your
|
|
help!
|
|
|
|
= origin_tag bulk_pets_path
|
|
|
|
%div.noscript
|
|
%input{:name => "name", :type => "text"}/
|
|
%input{:type => "submit", :value => "Load pet"}/
|
|
%div.script-only
|
|
%textarea
|
|
%button#bulk-pets-form-add{:type => "button"} Add
|
|
%button#bulk-pets-form-clear{:type => "button"} Clear
|
|
%ul
|
|
|
|
- cache :action_suffix => 'item_template' do
|
|
%script#item-template{:type => 'text/x-jquery-tmpl'}
|
|
%li{:class => 'object{{if owned}} owned{{/if}}'}
|
|
= link_to item_path(':id').sub(':id', '${id}') do
|
|
%img{:src => '${thumbnail_url}', :alt => '${description}', :title => '${description}'}
|
|
%span.name ${name}
|
|
|
|
{{if nc}}
|
|
= nc_icon
|
|
{{/if}}
|
|
|
|
.closeted-icons
|
|
{{if owned}}
|
|
= owned_icon
|
|
{{/if}}
|
|
|
|
{{if wanted}}
|
|
= wanted_icon
|
|
{{/if}}
|
|
|
|
{{if owned}}
|
|
%span.object-owned You own this item
|
|
{{/if}}
|
|
|
|
- content_for :javascripts do
|
|
= include_javascript_libraries :jquery, :jquery_tmpl
|
|
= include_javascripts :bulk_pets_package
|