From e6abd079b86398accbe29f17318aa02c38f93d8c Mon Sep 17 00:00:00 2001
From: t123yh <t123yh@outlook.com>
Date: Thu, 24 Aug 2017 15:00:22 +0800
Subject: [PATCH] Generate CSRF token statically in problem page.

---
 views/problem.ejs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/views/problem.ejs b/views/problem.ejs
index 8bafbb6..4153a0e 100644
--- a/views/problem.ejs
+++ b/views/problem.ejs
@@ -222,11 +222,9 @@ div[class*=ace_br] {
     <div class="row">
         <div class="column">
           <%
-          let formUrl;
-          if (contest) formUrl = syzoj.utils.makeUrl(['problem', problem.id, 'submit'], { contest_id: contest.id });
-          else formUrl = syzoj.utils.makeUrl(['problem', problem.id, 'submit']);
+          const formUrl = syzoj.utils.makeUrl(['problem', problem.id, 'submit'], { contest_id: contest ? contest.id : undefined, _csrf: req.csrfToken() });
           %>
-          <form class="ui form" action="<%= formUrl %>" method="post" onsubmit="return submit_code()" id="submit_code" enctype="multipart/form-data">
+          <form class="ui form have-csrf" action="<%= formUrl %>" method="post" onsubmit="return submit_code()" id="submit_code" enctype="multipart/form-data">
             <% if (problem.type === 'submit-answer') { %>
               <%
               let cases = [];