diff MoinMoin/userprefs/oid.py @ 5514:09de6f176a91

userprefs: add ticket to openid add/remove handle code
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 07 Feb 2010 20:03:03 +0100
parents 7bfd4232cfb7
children 5359bfdf91ba
line wrap: on
line diff
--- a/MoinMoin/userprefs/oid.py	Sun Feb 07 19:34:55 2010 +0100
+++ b/MoinMoin/userprefs/oid.py	Sun Feb 07 20:03:03 2010 +0100
@@ -141,14 +141,15 @@
         if self.request.request_method != 'POST':
             return
 
+        if not wikiutil.checkTicket(self.request, form.get('ticket', [''])[0]):
+            return
+
         if form.has_key('remove'):
             return self._handle_remove()
 
         if form.has_key('add'):
             return self._handle_add()
 
-        return
-
     def _make_form(self):
         sn = self.request.getScriptname()
         pi = self.request.getPathinfo()
@@ -156,6 +157,8 @@
         _form = html.FORM(action=action)
         _form.append(html.INPUT(type="hidden", name="action", value="userprefs"))
         _form.append(html.INPUT(type="hidden", name="handler", value="oid"))
+        ticket = wikiutil.createTicket(self.request)
+        _form.append(html.INPUT(type="hidden", name="ticket", value=ticket))
         return _form
 
     def _make_row(self, label, cell, **kw):