changeset 5512:478dfec03a09

Despam action: add ticketing
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 07 Feb 2010 17:23:08 +0100
parents a283079b3f1e
children 0e8fa2a6d016
files MoinMoin/action/Despam.py
diffstat 1 files changed, 13 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/Despam.py	Wed Feb 03 13:35:28 2010 +0100
+++ b/MoinMoin/action/Despam.py	Sun Feb 07 17:23:08 2010 +0100
@@ -104,14 +104,20 @@
     request.write('''
 </table>
 <p>
-<form method="post" action="%s/%s">
+<form method="post" action="%(url)s">
 <input type="hidden" name="action" value="Despam">
-<input type="hidden" name="editor" value="%s">
-<input type="submit" name="ok" value="%s">
+<input type="hidden" name="ticket" value="%(ticket)s">
+<input type="hidden" name="editor" value="%(editor)s">
+<input type="submit" name="ok" value="%(label)s">
 </form>
 </p>
-''' % (request.getScriptname(), wikiutil.quoteWikinameURL(pagename),
-       wikiutil.url_quote(editor), _("Revert all!")))
+''' % dict(
+        url="%s/%s" % (request.getScriptname(), wikiutil.quoteWikinameURL(pagename)),
+        ticket=wikiutil.createTicket(request),
+        editor=wikiutil.url_quote(editor),
+        label=_("Revert all!"),
+    ))
+
 
 def revert_page(request, pagename, editor):
     if not request.user.may.revert(pagename):
@@ -192,7 +198,8 @@
     # Start content (important for RTL support)
     request.write(request.formatter.startContent("content"))
 
-    if ok:
+    if (request.request_method == 'POST' and ok and
+        wikiutil.checkTicket(request, request.form.get('ticket', [''])[0])):
         revert_pages(request, editor, timestamp)
     elif editor:
         show_pages(request, pagename, editor, timestamp)