changeset 5470:8186aa2c7c9f

add ticketing support to changepass
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 31 Jan 2010 23:23:59 +0100
parents cce24183de9e
children d09832475f04
files MoinMoin/userprefs/changepass.py
diffstat 1 files changed, 7 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/userprefs/changepass.py	Sun Jan 31 22:50:49 2010 +0100
+++ b/MoinMoin/userprefs/changepass.py	Sun Jan 31 23:23:59 2010 +0100
@@ -8,7 +8,7 @@
     @license: GNU GPL, see COPYING for details.
 """
 
-from MoinMoin import user
+from MoinMoin import user, wikiutil
 from MoinMoin.widget import html
 from MoinMoin.userprefs import UserPrefBase
 
@@ -43,6 +43,9 @@
         if request.method != 'POST':
             return
 
+        if not wikiutil.checkTicket(request, form['ticket']):
+            return
+
         password = form.get('password1', '')
         password2 = form.get('password2', '')
 
@@ -78,6 +81,9 @@
         self.make_row(_('Password repeat'),
                       [html.INPUT(type="password", size=36, name="password2")])
 
+        ticket = wikiutil.createTicket(self.request)
+        form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))
+
         # Add buttons
         self.make_row('', [
                 html.INPUT(type="submit", name='save', value=_("Change password")),