X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Foutput%2FForm.java;h=b86b6dcb7ea62d5f9301ee87b177eb2b3aa58339;hp=9a27127c65e1c82b69f7ebb1e0103e76f3707b70;hb=70ac38c2e844e293d9815b8703341b94b029977a;hpb=9cea8b8e7eb50c8d79e7eecea683e17efe583c59

diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java
index 9a27127c..b86b6dcb 100644
--- a/src/org/cacert/gigi/output/Form.java
+++ b/src/org/cacert/gigi/output/Form.java
@@ -1,14 +1,34 @@
 package org.cacert.gigi.output;
 
 import java.io.PrintWriter;
+import java.util.Map;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.http.HttpServletRequest;
 
+import org.cacert.gigi.Language;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.RandomToken;
 
 public abstract class Form implements Outputable {
+	String csrf;
+	public Form() {
+		csrf = RandomToken.generateToken(32);
+	}
+
 	public abstract boolean submit(PrintWriter out, HttpServletRequest req);
+	@Override
+	public final void output(PrintWriter out, Language l,
+			Map<String, Object> vars) {
+		out.println("<form method='POST' autocomplete='off'>");
+		outputContent(out, l, vars);
+		out.println("<input type='csrf' value='");
+		out.print(getCSRFToken());
+		out.println("'></form>");
+	}
+
+	public abstract void outputContent(PrintWriter out, Language l,
+			Map<String, Object> vars);
 
 	protected void outputError(PrintWriter out, ServletRequest req, String text) {
 		out.print("<div>");
@@ -16,4 +36,8 @@ public abstract class Form implements Outputable {
 		out.println("</div>");
 	}
 
+	public String getCSRFToken() {
+		return csrf;
+	}
+
 }