diff MoinMoin/PageGraphicalEditor.py @ 1573:1453513eaa7e

use tickets for editing, cfg.edit_ticketing, make tickets more safe, invalidate old tickets
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 18 Sep 2006 21:54:59 +0200
parents e36313297589
children c2457afd322d
line wrap: on
line diff
--- a/MoinMoin/PageGraphicalEditor.py	Mon Sep 18 21:31:27 2006 +0200
+++ b/MoinMoin/PageGraphicalEditor.py	Mon Sep 18 21:54:59 2006 +0200
@@ -208,6 +208,9 @@
         # Send revision of the page our edit is based on
         self.request.write('<input type="hidden" name="rev" value="%d">' % (rev,))
 
+        # Create and send a ticket, so we can check the POST
+        self.request.write('<input type="hidden" name="ticket" value="%s">' % wikiutil.createTicket(self.request))
+
         # Save backto in a hidden input
         backto = form.get('backto', [None])[0]
         if backto: