comparison MoinMoin/userprefs/oid.py @ 5514:09de6f176a91

userprefs: add ticket to openid add/remove handle code
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 07 Feb 2010 20:03:03 +0100
parents 7bfd4232cfb7
children 5359bfdf91ba
comparison
equal deleted inserted replaced
5513:0e8fa2a6d016 5514:09de6f176a91
139 return 139 return
140 140
141 if self.request.request_method != 'POST': 141 if self.request.request_method != 'POST':
142 return 142 return
143 143
144 if not wikiutil.checkTicket(self.request, form.get('ticket', [''])[0]):
145 return
146
144 if form.has_key('remove'): 147 if form.has_key('remove'):
145 return self._handle_remove() 148 return self._handle_remove()
146 149
147 if form.has_key('add'): 150 if form.has_key('add'):
148 return self._handle_add() 151 return self._handle_add()
149
150 return
151 152
152 def _make_form(self): 153 def _make_form(self):
153 sn = self.request.getScriptname() 154 sn = self.request.getScriptname()
154 pi = self.request.getPathinfo() 155 pi = self.request.getPathinfo()
155 action = u"%s%s" % (sn, pi) 156 action = u"%s%s" % (sn, pi)
156 _form = html.FORM(action=action) 157 _form = html.FORM(action=action)
157 _form.append(html.INPUT(type="hidden", name="action", value="userprefs")) 158 _form.append(html.INPUT(type="hidden", name="action", value="userprefs"))
158 _form.append(html.INPUT(type="hidden", name="handler", value="oid")) 159 _form.append(html.INPUT(type="hidden", name="handler", value="oid"))
160 ticket = wikiutil.createTicket(self.request)
161 _form.append(html.INPUT(type="hidden", name="ticket", value=ticket))
159 return _form 162 return _form
160 163
161 def _make_row(self, label, cell, **kw): 164 def _make_row(self, label, cell, **kw):
162 """ Create a row in the form table. 165 """ Create a row in the form table.
163 """ 166 """