add: pilot code for form tokens

diff --git a/swat/lib/helpers.py b/swat/lib/helpers.py
index d6feaac1d3816f2322bbc5bd464835b5a78d7757..a10c28191a6ebd5a91110f684664b302d0624b90 100644 (file)
--- a/swat/lib/helpers.py
+++ b/swat/lib/helpers.py
@@ -19,7 +19,7 @@ Consists of functions to typically be used within templates, but also
 available to Controllers. This module is available to templates as 'h'.
 """
 from webhelpers.html.tags import *
-from webhelpers.html import literal
+from webhelpers.html.secure_form import secure_form 
 
 from routes import url_for
 from pylons import request, app_globals as g, config, session

diff --git a/swat/templates/default/component/account-user-form.mako b/swat/templates/default/component/account-user-form.mako
index ffb0eaec532f4fdb89505810a71a0a8a5e0fd291..089f6b77e9bd69c689a42611c66d584e1ef113af 100644 (file)
--- a/swat/templates/default/component/account-user-form.mako
+++ b/swat/templates/default/component/account-user-form.mako
@@ -19,7 +19,7 @@
 <%namespace name="field" file="/default/component/form-fields.mako" />
 
 <%def name="write()">
-    ${h.form('', method="post", id="user-account-form", class_="share-configuration")}
+    ${h.secure_form('', method="post", id="user-account-form", class_="share-configuration")}
         <ol class="tab-list">
             <li id="tab1" class="active">
                 <h3><a title="${_('Basic User Configuration')}" class="title-icon basic-tab" href="#">${_('Basic')}</a></h3>