changeset 4654:a04008fe1233 1.9.0beta2

merged main
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 14 Mar 2009 23:07:29 +0100
parents 4d01cd04af70 (current diff) 567bea26c321 (diff)
children f37524774ba4
files
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/Load.py	Sat Mar 14 23:06:38 2009 +0100
+++ b/MoinMoin/action/Load.py	Sat Mar 14 23:07:29 2009 +0100
@@ -13,6 +13,7 @@
 from MoinMoin.action import ActionBase, AttachFile
 from MoinMoin.PageEditor import PageEditor
 from MoinMoin.Page import Page
+from MoinMoin.security.textcha import TextCha
 
 class Load(ActionBase):
     """ Load page action
@@ -35,6 +36,10 @@
         _ = self._
         form = self.form
         request = self.request
+        # Currently we only check TextCha for upload (this is what spammers ususally do),
+        # but it could be extended to more/all attachment write access
+        if not TextCha(request).check_answer_from_form():
+            return status, _('TextCha: Wrong answer! Go back and try again...')
 
         comment = form.get('comment', u'')
         comment = wikiutil.clean_input(comment)
@@ -91,6 +96,7 @@
 <dt>%(upload_label_comment)s</dt>
 <dd><input type="text" name="comment" size="80" maxlength="200"></dd>
 </dl>
+%(textcha)s
 <p>
 <input type="hidden" name="action" value="%(action_name)s">
 <input type="hidden" name="do" value="upload">
@@ -108,6 +114,7 @@
     'pagename': self.pagename,
     'buttons_html': buttons_html,
     'action_name': self.form_trigger,
+    'textcha': TextCha(self.request).render(),
 }
 
 def execute(pagename, request):