diff MoinMoin/userprefs/oid.py @ 5517:2c992293ece4

merged moin/1.8
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 08 Feb 2010 00:18:20 +0100
parents 2eaf4b42b400 5359bfdf91ba
children f7f9d35f9d23
line wrap: on
line diff
--- a/MoinMoin/userprefs/oid.py	Sun Feb 07 23:59:11 2010 +0300
+++ b/MoinMoin/userprefs/oid.py	Mon Feb 08 00:18:20 2010 +0100
@@ -142,19 +142,22 @@
         if self.request.method != 'POST':
             return
 
+        if not wikiutil.checkTicket(self.request, form.get('ticket', '')):
+            return
+
         if form.has_key('remove'):
             return self._handle_remove()
 
         if form.has_key('add'):
             return self._handle_add()
 
-        return
-
     def _make_form(self):
         action = "%s%s" % (self.request.script_root, self.request.path)
         _form = html.FORM(action=action)
         _form.append(html.INPUT(type="hidden", name="action", value="userprefs"))
         _form.append(html.INPUT(type="hidden", name="handler", value="oid"))
+        ticket = wikiutil.createTicket(self.request)
+        _form.append(html.INPUT(type="hidden", name="ticket", value=ticket))
         return _form
 
     def _make_row(self, label, cell, **kw):