changeset 5484:7f5b3389a7e1

newaccount action: add ticket
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Wed, 03 Feb 2010 13:10:53 +0100
parents 39cae9b6c0c8
children 9faee4b754c0
files MoinMoin/action/newaccount.py
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/newaccount.py	Tue Feb 02 14:04:57 2010 +0100
+++ b/MoinMoin/action/newaccount.py	Wed Feb 03 13:10:53 2010 +0100
@@ -22,6 +22,9 @@
     if request.request_method != 'POST':
         return
 
+    if not wikiutil.checkTicket(request, form.get('ticket', [''])[0]):
+        return
+
     if not TextCha(request).check_answer_from_form():
         return _('TextCha: Wrong answer! Go back and try again...')
 
@@ -97,6 +100,10 @@
     url = request.page.url(request)
     ret = html.FORM(action=url)
     ret.append(html.INPUT(type='hidden', name='action', value='newaccount'))
+
+    ticket = wikiutil.createTicket(request)
+    ret.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))
+
     lang_attr = request.theme.ui_lang_attr()
     ret.append(html.Raw('<div class="userpref"%s>' % lang_attr))
     tbl = html.TABLE(border="0")