Reverts to changeset 435, and just add {% csrf_token %} to template forgot_pw.html, since CSRF protection seems to be only here (surely because of django.contrib.auth.views).
{% extends "site/layout/base_text.html" %}
{% load i18n %}
{% load com %}
{% block head %}
<script type="text/javascript" src="{{ CM_MEDIA_PREFIX }}js/site/text_edit.js"></script>
{% endblock %}
{% block main %}
{% include "site/macros/text_editor.html" %}
<script type="text/javascript">
<!--
tb_conf['current_tab'] = 'edit';
// keep get parameters!!
{% url text-preedit text.key as preedit_url %}
tb_conf['pre_edit_url'] = '{{ preedit_url }}{{ preedit_url|url_args }}{{ request.GET.urlencode }}';
-->
</script>
<div style="display: none;">
<div id="confirm_all_removed_dlg"></div>
<div id="remove_scope_choice_dlg"></div>
</div>
<div id="text_edit" class="tab-meta">
<form id="edit_form" class="text-form wizard-form" action="." method="post">
<table class="wide_form">
<tbody>
{% include "site/macros/form_fields.html" %}
<tr>
<td style="vertical-align: top; width: 20%; text-align:right;">
</td>
<td>
<label></label>
<input name="cancel_modified_scopes" id="cancel_modified_scopes" type="hidden"/>
<input name="save" id="save" type="button" value="{% blocktrans %}Save{% endblocktrans %}"/>
</td>
</tr>
</tbody>
</table>
</form>
</div>
{% endblock %}