changeset 4733:742ace271d41

merged moin/1.7
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Thu, 21 May 2009 16:53:24 +0200
parents 614dac6122cb (current diff) e9a2cbcf5479 (diff)
children c538e2b0bba9
files MoinMoin/auth/http.py
diffstat 2 files changed, 13 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/CopyPage.py	Sat May 09 03:16:28 2009 +0200
+++ b/MoinMoin/action/CopyPage.py	Thu May 21 16:53:24 2009 +0200
@@ -13,6 +13,7 @@
 from MoinMoin.Page import Page
 from MoinMoin.PageEditor import PageEditor
 from MoinMoin.action import ActionBase
+from MoinMoin.security.textcha import TextCha
 
 class CopyPage(ActionBase):
     """ Copy page action
@@ -45,6 +46,11 @@
     def do_action(self):
         """ copy this page to "pagename" """
         _ = self._
+        # Currently we only check TextCha for upload (this is what spammers ususally do),
+        # but it could be extended to more/all attachment write access
+        if not TextCha(self.request).check_answer_from_form():
+            return status, _('TextCha: Wrong answer! Go back and try again...')
+
         form = self.form
         newpagename = form.get('newpagename', [u''])[0]
         newpagename = self.request.normalizePagename(newpagename)
@@ -84,6 +90,7 @@
             subpages = ' '.join(self.users_subpages)
 
             d = {
+                'textcha': TextCha(self.request).render(),
                 'subpage': subpages,
                 'subpages_checked': ('', 'checked')[self.request.form.get('subpages_checked', ['0'])[0] == '1'],
                 'subpage_label': _('Copy all /subpages too?'),
@@ -98,6 +105,7 @@
 <strong>%(querytext)s</strong>
 <br>
 <br>
+%(textcha)s
 <table>
     <tr>
     <dd>
@@ -132,12 +140,14 @@
 
         else:
             d = {
+                'textcha': TextCha(self.request).render(),
                 'pagename': wikiutil.escape(self.pagename, True),
                 'newname_label': _("New name"),
                 'comment_label': _("Optional reason for the copying"),
                 'buttons_html': buttons_html,
                 }
             return '''
+%(textcha)s
 <table>
     <tr>
         <td class="label"><label>%(newname_label)s</label></td>
--- a/MoinMoin/auth/http.py	Sat May 09 03:16:28 2009 +0200
+++ b/MoinMoin/auth/http.py	Thu May 21 16:53:24 2009 +0200
@@ -59,10 +59,10 @@
                           auth_method=self.name, auth_attribs=())
         elif not isinstance(request, request_cli.Request):
             env = request.env
-            auth_type = env.get('AUTH_TYPE', '')
-            if auth_type in ['Basic', 'Digest', 'NTLM', 'Negotiate', ]:
+            auth_type = env.get('AUTH_TYPE', '').lower()
+            if auth_type in ['basic', 'digest', 'ntlm', 'negotiate', ]:
                 username = env.get('REMOTE_USER', '').decode(config.charset)
-                if auth_type in ('NTLM', 'Negotiate', ):
+                if auth_type in ('ntlm', 'negotiate', ):
                     # converting to standard case so the user can even enter wrong case
                     # (added since windows does not distinguish between e.g.
                     #  "Mike" and "mike")