
Forum templates support CSRF now.

sh4nks 10 years ago
parent
commit
fb7b580a40

+ 12 - 8
flaskbb/forum/views.py

@@ -266,9 +266,10 @@ def trivialize_topic(topic_id, slug=None):
     return redirect(topic.url)
 
 
-@forum.route("/topic/<int:topic_id>/move/<int:forum_id>")
+@forum.route("/topic/<int:topic_id>/move/<int:forum_id>", methods=["POST"])
 @forum.route(
-    "/topic/<int:topic_id>-<topic_slug>/move/<int:forum_id>-<forum_slug>"
+    "/topic/<int:topic_id>-<topic_slug>/move/<int:forum_id>-<forum_slug>",
+    methods=["POST"]
 )
 @login_required
 def move_topic(topic_id, forum_id, topic_slug=None, forum_slug=None):
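Review bot: Restricting `move_topic` to POST (and likewise `merge_topic` and `markread` in the later hunks) does not by itself stop cross-site requests, because a foreign page can still auto-submit a form; the protection comes only from the token being validated on the server. None of these views checks a token in the visible lines, so this presumably relies on application-wide Flask-WTF CSRF protection, which the template's `csrf_token()` call suggests is enabled; it is worth confirming that this blueprint is not exempted from it. A short comment above the decorators would record the dependency, e.g. `# POST only: state-changing; the CSRF token is validated app-wide, not in this view`. The body of `move_topic` lies outside the hunk.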
@@ -292,8 +293,11 @@ def move_topic(topic_id, forum_id, topic_slug=None, forum_slug=None):
     return redirect(topic.url)
 
 
-@forum.route("/topic/<int:old_id>/merge/<int:new_id>")
-@forum.route("/topic/<int:old_id>-<old_slug>/merge/<int:new_id>-<new_slug>")
+@forum.route("/topic/<int:old_id>/merge/<int:new_id>", methods=["POST"])
+@forum.route(
+    "/topic/<int:old_id>-<old_slug>/merge/<int:new_id>-<new_slug>",
+    methods=["POST"]
+)
 @login_required
 def merge_topic(old_id, new_id, old_slug=None, new_slug=None):
     _old_topic = Topic.query.filter_by(id=old_id).first_or_404()
@@ -441,9 +445,9 @@ def raw_post(post_id):
     return format_quote(post)
 
 
-@forum.route("/markread")
-@forum.route("/<int:forum_id>/markread")
-@forum.route("/<int:forum_id>-<slug>/markread")
+@forum.route("/markread", methods=["POST"])
+@forum.route("/<int:forum_id>/markread", methods=["POST"])
+@forum.route("/<int:forum_id>-<slug>/markread", methods=["POST"])
 @login_required
 def markread(forum_id=None, slug=None):
     # Mark a single forum as read
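Review bot: The bare `/markread` route (no forum id) becomes POST-only here too, but the only caller converted in this commit is the per-forum button in `forum/forum.html`; any template that still reaches `url_for('forum.markread')` through a plain `<a href>` would now get a 405. The same holds for links to `forum.move_topic` and `forum.merge_topic`, whose templates are not touched in this commit. Unless a follow-up converts them, each needs the same `<form method="post">` with a hidden `csrf_token` input. The body of `markread` continues outside the hunk.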
@@ -493,7 +497,7 @@ def markread(forum_id=None, slug=None):
     return redirect(url_for("forum.index"))
 
 
-@forum.route("/who_is_online")
+@forum.route("/who-is-online")
 def who_is_online():
     if current_app.config['REDIS_ENABLED']:
         online_users = get_online_users()

+ 4 - 0
flaskbb/static/css/flaskbb.css

@@ -26,6 +26,10 @@ body {
   padding-right: 15px;
 }
 
+.pagination {
+  margin: 0;
+}
+
 .pagination-text {
   cursor: default;
   background-color: #fff;

+ 17 - 17
flaskbb/templates/forum/forum.html

@@ -11,28 +11,28 @@
     <li class="active">{{ forum.title }}</li>
 </ol>
 
-<div class="pull-left" style="padding-bottom: 10px">
+<div class="pull-left">
     {{ render_pagination(topics, forum.url) }}
 </div> <!-- end span pagination -->
 
 {% if current_user|post_topic(forum) %}
-<div class="pull-right" style="padding-bottom: 10px">
-    <div class="btn-group">
-        <a href="{{ url_for('forum.markread', forum_id=forum.id, slug=forum.slug) }}" class="btn btn-default">
+<div class="pull-right">
+    <form class="inline-form" method="post" action="{{ url_for('forum.markread', forum_id=forum.id, slug=forum.slug) }}">
+        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+        <button class="btn btn-default">
             <span class="fa fa-check"></span> {% trans %}Mark as Read{% endtrans %}
-        </a>
-
-        {% if forum.locked %}
-        <span class="btn btn-primary">
-            <span class="fa fa-lock"></span> {% trans %}Locked{% endtrans %}
-        </span>
-        {% else %}
-        <a href="{{ url_for('forum.new_topic', forum_id=forum.id, slug=forum.slug) }}" class="btn btn-primary">
-            <span class="fa fa-pencil"></span> {% trans %}New Topic{% endtrans %}
-        </a>
-        {% endif %}
-
-    </div>
+        </button>
+    </form>
+
+    {% if forum.locked %}
+    <span class="btn btn-primary">
+        <span class="fa fa-lock"></span> {% trans %}Locked{% endtrans %}
+    </span>
+    {% else %}
+    <a href="{{ url_for('forum.new_topic', forum_id=forum.id, slug=forum.slug) }}" class="btn btn-primary">
+        <span class="fa fa-pencil"></span> {% trans %}New Topic{% endtrans %}
+    </a>
+    {% endif %}
 </div>
 {% endif %}
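Review bot: The new form carries class `inline-form`, for which none of the stylesheets changed in this commit adds a rule, while Bootstrap's own class is `form-inline`; unless `.inline-form` is defined elsewhere, the form renders as a block and the Locked/New Topic button drops to the next line now that the `btn-group` wrapper is gone. The button also relies on the implicit default type; writing `<button type="submit" class="btn btn-default">` makes the intent explicit and keeps it working if the markup is later moved or scripted. The hidden `csrf_token` input itself is placed correctly inside the form that posts to `forum.markread`.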
 

+ 4 - 0
flaskbb/themes/bootstrap2/static/css/flaskbb.css

@@ -26,6 +26,10 @@ body {
   padding-right: 15px;
 }
 
+.pagination {
+  margin: 0;
+}
+
 .pagination-text {
   cursor: default;
   background-color: #fff;

+ 4 - 0
flaskbb/themes/bootstrap3/static/css/flaskbb.css

@@ -26,6 +26,10 @@ body {
   padding-right: 15px;
 }
 
+.pagination {
+  margin: 0;
+}
+
 .pagination-text {
   cursor: default;
   background-color: #fff;