Mercurial > moin > 1.9
changeset 5485:9faee4b754c0
userprefs notifications: add ticket
| author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
|---|---|
| date | Wed, 03 Feb 2010 13:20:56 +0100 |
| parents | 7f5b3389a7e1 |
| children | a283079b3f1e |
| files | MoinMoin/userprefs/notification.py |
| diffstat | 1 files changed, 12 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/userprefs/notification.py Wed Feb 03 13:10:53 2010 +0100 +++ b/MoinMoin/userprefs/notification.py Wed Feb 03 13:20:56 2010 +0100 @@ -8,7 +8,7 @@ @license: GNU GPL, see COPYING for details. """ -from MoinMoin import events +from MoinMoin import events, wikiutil from MoinMoin.widget import html from MoinMoin.userprefs import UserPrefBase @@ -46,8 +46,6 @@ _ = self._ form = self.request.form - if self.request.request_method != 'POST': - return theuser = self.request.user if not theuser: return @@ -76,11 +74,18 @@ def handle_form(self): _ = self._ - form = self.request.form + request = self.request + form = request.form if form.has_key('cancel'): return + if request.request_method != 'POST': + return + + if not wikiutil.checkTicket(request, form.get('ticket', [''])[0]): + return + if form.has_key('save'): # Save user profile return self._save_notification_settings() @@ -138,6 +143,9 @@ self._form.append(html.INPUT(type="hidden", name="action", value="userprefs")) self._form.append(html.INPUT(type="hidden", name="handler", value="prefs")) + ticket = wikiutil.createTicket(self.request) + self._form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket)) + if (not (self.cfg.mail_enabled and self.request.user.email) and not (self.cfg.jabber_enabled and self.request.user.jid)): self.make_row('', [html.Text(