Mercurial > moin > 1.9

changeset 3068:5471f4a009dc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add action parameter to createTicket, improve checkTicket logging (ported from 1.6)
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Fri, 22 Feb 2008 18:11:05 +0100
parents 7fa08b9b8a90
children 15d744f727c9
files MoinMoin/wikiutil.py
diffstat 1 files changed, 19 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/wikiutil.py	Fri Feb 22 17:28:21 2008 +0100
+++ b/MoinMoin/wikiutil.py	Fri Feb 22 18:11:05 2008 +0100
@@ -16,6 +16,7 @@
 import re
 import time
 import urllib
+import logging
 
 from MoinMoin import config
 from MoinMoin.util import pysupport, lock
@@ -2168,8 +2169,16 @@
 ### Tickets - used by RenamePage and DeletePage
 ########################################################################
 
-def createTicket(request, tm=None):
-    """Create a ticket using a site-specific secret (the config)"""
+def createTicket(request, tm=None, action=None):
+    """ Create a ticket using a site-specific secret (the config)
+
+        @param tm: unix timestamp (optional, uses current time if not given)
+        @param action: action name (optional, uses current action if not given)
+                       Note: if you create a ticket for a form that calls another
+                             action than the current one, you MUST specify the
+                             action you call when posting the form.
+    """
+
     import sha
     if tm is None:
         tm = "%010x" % time.time()
@@ -2180,10 +2189,11 @@
     except:
         pagename = 'None'
 
-    try:
-        action = request.action
-    except:
-        action = 'None'
+    if action is None:
+        try:
+            action = request.action
+        except:
+            action = 'None'
 
 
     ticket = "%s.%s.%s" % (tm, pagename, action)
@@ -2209,12 +2219,15 @@
         timestamp = int(timestamp_str, 16)
     except ValueError:
         # invalid or empty ticket
+        logging.debug("checkTicket: invalid or empty ticket %r" % ticket)
         return False
     now = time.time()
     if timestamp < now - 10 * 3600:
         # we don't accept tickets older than 10h
+        logging.debug("checkTicket: too old ticket, timestamp %r" % timestamp)
         return False
     ourticket = createTicket(request, timestamp_str)
+    logging.debug("checkTicket: returning %r, got %r, expected %r" % (ticket == ourticket, ticket, ourticket))
     return ticket == ourticket