changeset 5477:35df310578d7

backport of moin/1.9 5471:d09832475f04, add ticketing to userprefs settings
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 02 Feb 2010 13:53:36 +0100
parents 0eab7483b474
children b29b47f681dd
files MoinMoin/userprefs/prefs.py
diffstat 1 files changed, 12 insertions(+), 6 deletions(-) [+]
--- a/MoinMoin/userprefs/prefs.py	Mon Feb 01 01:41:10 2010 +0100
+++ b/MoinMoin/userprefs/prefs.py	Tue Feb 02 13:53:36 2010 +0100
@@ -61,9 +61,6 @@
         form = self.request.form
         request = self.request
 
-        if request.request_method != 'POST':
-            return
-
         if not 'name' in request.user.auth_attribs:
             # Require non-empty name
             new_name = form.get('name', [request.user.name])[0]
@@ -224,10 +221,16 @@
 
 
     def handle_form(self):
-        _ = self._
-        form = self.request.form
+        request = self.request
+        form = request.form
+  
+        if form.has_key('cancel'):
+            return
+  
+        if request.request_method != 'POST':
+            return
 
-        if form.has_key('cancel'):
+        if not wikiutil.checkTicket(request, form.get('ticket', [''])[0]):
             return
 
         if form.has_key('save'): # Save user profile
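Review bot: A request that fails `wikiutil.checkTicket` takes the same bare `return` as the cancel path, so a user whose ticket is stale or missing sees the save silently dropped and a rejected forged request leaves no record. I would log the rejection and surface a message through whatever return convention the callers of handle_form expect (not visible in this hunk), and add a comment above the check such as `# CSRF protection: only accept a POST carrying the ticket issued with the settings form`. The method check removed in the first hunk now lives only here, so the save routine relies on every caller going through handle_form; that is worth stating in its docstring. The two added blank lines carry trailing whitespace (`+  `). handle_form continues past the end of the hunk.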
@@ -393,6 +396,9 @@
             self._form.append(html.INPUT(type="hidden", name="action", value="userprefs"))
             self._form.append(html.INPUT(type="hidden", name="handler", value="prefs"))
 
+            ticket = wikiutil.createTicket(request)
+            self._form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))
+
         # Add buttons
         button_cell = []
         for name, label in buttons:
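Review bot: The hidden `ticket` input is appended inside the same conditional block as the `action` and `handler` inputs, and that condition is outside this hunk; any settings form rendered with the condition false would post without a ticket and be dropped by the new check in handle_form. If that branch can produce a form that posts back to this handler, the ticket should be created and appended outside the conditional. `request` is used here as a local name whose binding is not visible in the hunk, so it is worth confirming it is assigned in this method rather than only available as `self.request`. `value="%s" % ticket` can be written `value=ticket` if createTicket already returns a string.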