changeset 5474:a2128aa8b830

merge moin/1.7
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 01 Feb 2010 01:45:22 +0100
parents 0dd02729b3b5 (current diff) 0eab7483b474 (diff)
children 575601b3117d
files MoinMoin/userprefs/changepass.py MoinMoin/wikiutil.py
diffstat 2 files changed, 17 insertions(+), 1 deletions(-) [+]
--- a/MoinMoin/userprefs/changepass.py	Sat Jan 09 02:40:08 2010 +0100
+++ b/MoinMoin/userprefs/changepass.py	Mon Feb 01 01:45:22 2010 +0100
@@ -8,7 +8,7 @@
     @license: GNU GPL, see COPYING for details.
 """
 
-from MoinMoin import user
+from MoinMoin import user, wikiutil
 from MoinMoin.widget import html
 from MoinMoin.userprefs import UserPrefBase
 
@@ -43,6 +43,9 @@
         if request.request_method != 'POST':
             return
 
+        if not wikiutil.checkTicket(request, form.get('ticket', [''])[0]):
+            return
+
         password = form.get('password1', [''])[0]
         password2 = form.get('password2', [''])[0]
 
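Review bot: The added `if not wikiutil.checkTicket(...)` branch rejects the request with a bare `return`, so a missing, forged or expired ticket on a password change leaves no trace for the operator and no feedback for the user. A rejected anti-CSRF ticket on this form is a useful detection signal, so consider logging it together with the user id before returning. If the caller accepts a result message (not visible here, as the method starts and ends outside the hunk), an error text asking the user to reload the form would also help legitimate users with a stale ticket. At minimum, add a comment above the check such as `# anti-CSRF: accept the POST only if it carries a ticket issued to this session/user`.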
@@ -78,6 +81,9 @@
         self.make_row(_('Password repeat'),
                       [html.INPUT(type="password", size=36, name="password2")])
 
+        ticket = wikiutil.createTicket(self.request)
+        form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))
+
         # Add buttons
         self.make_row('', [
                 html.INPUT(type="submit", name='save', value=_("Change password")),
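Review bot: `value="%s" % ticket` formats a value that already appears to be a string, so `value=ticket` would say the same thing more directly. The wikiutil hunk in this changeset, presumably the end of createTicket, returns `"%s.%s" % (ticket, digest.hexdigest())`. A short comment above the two added lines, e.g. `# hidden anti-CSRF ticket, verified by checkTicket() when the form is posted`, would tie this field to the check added earlier in the file. `form` is defined outside the hunk.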
--- a/MoinMoin/wikiutil.py	Sat Jan 09 02:40:08 2010 +0100
+++ b/MoinMoin/wikiutil.py	Mon Feb 01 01:45:22 2010 +0100
@@ -2496,6 +2496,16 @@
     ticket = "%s.%s.%s" % (tm, pagename, action)
     digest.update(ticket)
 
+    if request.session:
+        sid = request.session.name
+    else:
+        sid = 'None'
+    if request.user.valid:
+        uid = request.user.id
+    else:
+        uid = 'None'
+    digest.update(sid+uid)
+
     return "%s.%s" % (ticket, digest.hexdigest())
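Review bot: `digest.update(sid+uid)` feeds the session name and user id into the digest with no separator, so different (sid, uid) pairs can produce the same input bytes, and the literal `'None'` placeholder is indistinguishable from a real value spelled that way. Joining them unambiguously, e.g. `digest.update('%s\0%s' % (sid, uid))`, keeps the binding well defined. When there is neither a session nor a valid user, both fields are `'None'`, so the ticket is tied to no client and rests only on however the digest was keyed above this hunk; a comment should state whether that is intended for anonymous callers. The `+` also assumes both values are strings of a compatible type, which the hunk does not show.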