changeset 5473:0eab7483b474

backport of moin/1.9 cs 5470:8186aa2c7c9f, add ticketing to changepass
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 01 Feb 2010 01:41:10 +0100
parents bba0ab704aa9
children a2128aa8b830 2ce0e1c469aa 35df310578d7
files MoinMoin/userprefs/changepass.py
diffstat 1 files changed, 7 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/userprefs/changepass.py	Mon Feb 01 01:31:15 2010 +0100
+++ b/MoinMoin/userprefs/changepass.py	Mon Feb 01 01:41:10 2010 +0100
@@ -8,7 +8,7 @@
     @license: GNU GPL, see COPYING for details.
 """
 
-from MoinMoin import user
+from MoinMoin import user, wikiutil
 from MoinMoin.widget import html
 from MoinMoin.userprefs import UserPrefBase
 
@@ -43,6 +43,9 @@
         if request.request_method != 'POST':
             return
 
+        if not wikiutil.checkTicket(request, form.get('ticket', [''])[0]):
+            return
+
         password = form.get('password1', [''])[0]
         password2 = form.get('password2', [''])[0]
 
@@ -78,6 +81,9 @@
         self.make_row(_('Password repeat'),
                       [html.INPUT(type="password", size=36, name="password2")])
 
+        ticket = wikiutil.createTicket(self.request)
+        form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))
+
         # Add buttons
         self.make_row('', [
                 html.INPUT(type="submit", name='save', value=_("Change password")),