From cd9153a1c9cfb907fece485de20d87c329e08255 Mon Sep 17 00:00:00 2001
From: Jan Szejko
Date: Mon, 2 Oct 2017 11:34:19 +0200
Subject: [PATCH] fix csrf in contact forms
---
 src/contact/templates/contact/form.html | 3 ++-
 src/contact/templates/contact/mail_managers_body.txt | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/contact/templates/contact/form.html b/src/contact/templates/contact/form.html
index 346de58ff..fc1427ff3 100644
--- a/src/contact/templates/contact/form.html
+++ b/src/contact/templates/contact/form.html
@@ -1,6 +1,7 @@
 {% extends form.base_template|default:"base/base.html" %}
 {% load chunks %}
 {% load honeypot %}
+{% load ssi_csrf_token from ssify %}
 {% block title %}{{ form.form_title }}{% endblock %}
@@ -15,7 +16,7 @@
- {% csrf_token %}
+ {% ssi_csrf_token %}
 {% render_honeypot_field %}
 {% block form %}
diff --git a/src/contact/templates/contact/mail_managers_body.txt b/src/contact/templates/contact/mail_managers_body.txt
index b7f97cf25..b65ebd853 100644
--- a/src/contact/templates/contact/mail_managers_body.txt
+++ b/src/contact/templates/contact/mail_managers_body.txt
@@ -1,6 +1,6 @@
-{% load pretty_print from contact_tags %}{% load subdomainurls %}Wypełniono formularz {{ form_tag }} na stronie {{ site_name }}.
+{% load pretty_print from contact_tags %}Wypełniono formularz {{ form_tag }} na stronie {{ site_name }}.
-{% url 'admin:contact_contact_change' None contact.pk %}
+https://{{site_domain}}{% url 'admin:contact_contact_change' contact.pk %}
 {% for k, v in contact.body.items %}
 {{ k }}:
@@ -8,5 +8,5 @@
 {% endfor %}
 {% for attachment in contact.attachment_set.all %}
 {{ attachment.tag }}:
-http://{{ site_domain }}{{ attachment.get_absolute_url }}
+https://{{ site_domain }}{{ attachment.get_absolute_url }}
 {% endfor %}
-- 
2.20.1
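Review bot: The switch to `{% ssi_csrf_token %}` inside the form in form.html carries no comment saying why the stock tag must not come back, so a later cleanup could easily revert it. If the reason is that this page is cached or assembled through ssify's server-side includes (inferred from the tag's origin, not shown in the hunk), a copy rendered with `{% csrf_token %}` would hand one visitor's token to everyone else. A template comment beside the tag would protect the fix, for example `{# ssi_csrf_token, not csrf_token: page is served through ssify, token must be filled in per request #}`. It is also worth confirming that every route rendering this template passes through SSI processing, since otherwise the token field would be absent and POSTs rejected. The surrounding form markup is not visible in this hunk.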
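Review bot: The admin link in the first hunk of mail_managers_body.txt now hard-codes `https://` and takes its host from `{{site_domain}}`, and the attachment link in the second hunk does the same, but where `site_domain` is populated is not visible here. If it can ever be derived from the request's Host header rather than from settings or the Sites table, a forged Host would place an arbitrary domain in a link that staff are expected to follow to the admin. The view should therefore pass a configured value, recorded next to the context construction with a comment such as `# site_domain must come from configuration, never from request.get_host()`. The fixed scheme will also produce dead links on any deployment served without TLS, so passing one configured base URL into the context would cover both links.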