changeset 206:56b792616c8d

require POST for userform save and create user action imported from: moin--main--1.5--patch-208
author Thomas Waldmann <tw@waldmann-edv.de>
date Fri, 11 Nov 2005 22:38:14 +0000
parents 9f13a34ac698
children 8cd285265182
files MoinMoin/userform.py docs/CHANGES
diffstat 2 files changed, 6 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/userform.py	Fri Nov 11 22:05:11 2005 +0000
+++ b/MoinMoin/userform.py	Fri Nov 11 22:38:14 2005 +0000
@@ -89,8 +89,6 @@
 
             return _("Found no account matching the given email address '%(email)s'!") % {'email': wikiutil.escape(email)}
 
-
-
         if form.has_key('login'):
             # Trying to login with a user name and a password
 
@@ -143,6 +141,8 @@
         elif (form.has_key('create') or
               form.has_key('create_only') or
               form.has_key('create_and_mail')):
+            if self.request.request_method != 'POST':
+                return _("Use UserPreferences to change your settings or create an account.")
             # Create user profile
             if form.has_key('create'):
                 theuser = self.request.get_user()
@@ -221,6 +221,8 @@
             return result
 
         else: 
+            if self.request.request_method != 'POST':
+                return _("Use UserPreferences to change your settings or create an account.")
             # Save user profile
             theuser = self.request.get_user()
                 
--- a/docs/CHANGES	Fri Nov 11 22:05:11 2005 +0000
+++ b/docs/CHANGES	Fri Nov 11 22:38:14 2005 +0000
@@ -4,6 +4,8 @@
 Current:
     * added support for linking to .ico and .bmp
     * fixed editor preview throwing away page content for new pages
+  Fixes:
+    * require POST for userform save and create* action
 
 Version 1.5.0beta2:
   Fixes: