added XSRF protection to all forms and associated tests

[bluechips.git] / bluechips / templates / spend / index.mako

diff --git a/bluechips/templates/spend/index.mako b/bluechips/templates/spend/index.mako
index 25f1db2c432683a70f76ccf02136ded4fb043174..ff388a3eecace604ab6cb86bd8cb13efb9245091 100644 (file)
--- a/bluechips/templates/spend/index.mako
+++ b/bluechips/templates/spend/index.mako
@@ -5,6 +5,7 @@
 %>
 
 <form action="${h.url_for(controller='spend', action='update', id=c.expenditure.id)}" method="post">
+  ${h.auth_token_hidden_field()}
   <table class="form">
     <tr>
       <th><label for="spender_id">Spender</label></th>