From b51620eb9502997a2f55a485e55e0e73f6450449 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alex@spline.inf.fu-berlin.de>
Date: Tue, 18 Nov 2014 05:47:53 +0100
Subject: forms: use Form from flask.ext.wtf as base for all forms

Form from flask.ext.wtf has automatic csfr handling included. We need to hide this
form fields but we get extra security for nothing more.
---
 templates/_formhelpers.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'templates')

diff --git a/templates/_formhelpers.html b/templates/_formhelpers.html
index e50f482..f0fe7fe 100644
--- a/templates/_formhelpers.html
+++ b/templates/_formhelpers.html
@@ -1,5 +1,5 @@
 {% macro render_field(field) %}
-  {% if field.type == 'HiddenField' %}
+  {% if field.type in ['HiddenField', 'CSRFTokenField'] %}
     {{ field()|safe }}
   {% else %}
     <div class="form-group {% if field.errors %}has-error{% endif %}">
-- 
cgit v1.2.3-1-g7c22