1 files changed, 9 insertions, 2 deletions

diff --git a/flatpages/views.py b/flatpages/views.py
index aa1793d..0764d55 100644
--- a/flatpages/views.py
+++ b/flatpages/views.py
@@ -6,6 +6,8 @@ from django.shortcuts import render, redirect
 from django.http import HttpResponse, HttpResponseRedirect, Http404
 from django.urls import reverse, resolve
 from django.template import Context, loader
+from django.views.decorators.csrf import ensure_csrf_cookie
+
 import django.forms as forms
 
 from troggle.helper import login_required_if_public
@@ -147,6 +149,7 @@ def getmimetype(path):
     return ""
 
 @login_required_if_public
+@ensure_csrf_cookie
 def editflatpage(request, path):
     try:
         r = Cave.objects.get(url = path)
@@ -156,7 +159,7 @@ def editflatpage(request, path):
 
 
     try:
-        filepath = os.path.normpath(settings.EXPOWEB + path)
+        filepath = Path(settings.EXPOWEB) / path
         o = open(filepath, "r")
         html = o.read()
         autogeneratedmatch = re.search(r"\<\!--\s*(.*?(Do not edit|auto-generated).*?)\s*--\>", html, re.DOTALL + re.IGNORECASE)
@@ -174,12 +177,15 @@ def editflatpage(request, path):
         else:
             return HttpResponse("Page could not be split into header and body")
     except IOError:
+        print("### File not found ### ", filepath)
         filefound = False
         
 
     if request.method == 'POST': # If the form has been submitted...
         flatpageForm = FlatPageForm(request.POST) # A form bound to the POST data
         if flatpageForm.is_valid():# Form valid therefore write file
+            print("### \n", str(flatpageForm)[0:300])
+            print("### \n csrfmiddlewaretoken: ",request.POST['csrfmiddlewaretoken'])
             if filefound:
                 headmatch =  re.match(r"(.*)<title>.*</title>(.*)", head, re.DOTALL + re.IGNORECASE)
                 if headmatch:
@@ -209,7 +215,8 @@ def editflatpage(request, path):
                 title = ""
             flatpageForm = FlatPageForm({"html": body, "title": title})
         else:
-            flatpageForm = FlatPageForm()
+            body = "### File not found ###\n"    + str(filepath)
+            flatpageForm = FlatPageForm({"html": body, "title": "Missing"})
     return render(request, 'editflatpage.html', {'path': path, 'form': flatpageForm, })
 
 class FlatPageForm(forms.Form):