Mercurial > moin > 1.9
changeset 4055:f7e942210f52
bug fix for MoinMoinBugs/SystemAdminMailAccountData by using POST and forms for recoverpass and enable/disable useraccount
author | Reimar Bauer <rb.proj AT googlemail DOT com> |
---|---|
date | Sun, 31 Aug 2008 19:45:08 +0200 |
parents | 49f330e9831a |
children | e513bd09cb3b |
files | MoinMoin/userform/admin.py MoinMoin/widget/browser.py |
diffstat | 2 files changed, 37 insertions(+), 31 deletions(-) [+] |
line wrap: on
line diff
--- a/MoinMoin/userform/admin.py Sat Aug 30 18:09:28 2008 +0200 +++ b/MoinMoin/userform/admin.py Sun Aug 31 19:45:08 2008 +0200 @@ -10,7 +10,7 @@ from MoinMoin import user, wikiutil from MoinMoin.util.dataset import TupleDataset, Column from MoinMoin.Page import Page - +from MoinMoin.widget import html def do_user_browser(request): """ Browser for SystemAdmin macro. """ @@ -42,33 +42,32 @@ else: namelink = wikiutil.escape(account.name) + # creates the POST data for account disable/enable + val = "1" + text=_('Disable user') if account.disabled: - enable_disable_link = request.page.link_to( - request, text=_('Enable user'), - querystr={"action": "userprofile", - "name": account.name, - "key": "disabled", - "val": "0", - }, - rel='nofollow') + text=_('Enable user') + val = "0" namelink += " (%s)" % _("disabled") - else: - enable_disable_link = request.page.link_to( - request, text=_('Disable user'), - querystr={"action": "userprofile", - "name": account.name, - "key": "disabled", - "val": "1", - }, - rel='nofollow') + + url = request.page.url(request) + ret = html.FORM(action=url) + ret.append(html.INPUT(type='hidden', name='action', value='userprofile')) + ret.append(html.INPUT(type='hidden', name='name', value=account.name)) + ret.append(html.INPUT(type='hidden', name='key', value="disabled")) + ret.append(html.INPUT(type='hidden', name='val', value=val)) + ret.append(html.INPUT(type='submit', name='userprofile', value=text)) + enable_disable_link = unicode(unicode(ret)) - recoverpass_link = request.page.link_to( - request, text=_('Mail account data'), - querystr={"action": "recoverpass", - "email": account.email, - "account_sendmail": "1", - "sysadm": "users", }, - rel='nofollow') + # creates the POST data for recoverpass + url = request.page.url(request) + ret = html.FORM(action=url) + ret.append(html.INPUT(type='hidden', name='action', value='recoverpass')) + ret.append(html.INPUT(type='hidden', name='email', value=account.email)) + ret.append(html.INPUT(type='hidden', name='account_sendmail', value="1")) + ret.append(html.INPUT(type='hidden', name='sysadm', value="users")) + ret.append(html.INPUT(type='submit', name='recoverpass', value=_('Mail account data'))) + recoverpass_link = unicode(unicode(ret)) if account.email: email_link = (request.formatter.url(1, 'mailto:' + account.email, css='mailto') + @@ -89,7 +88,7 @@ request.formatter.rawHTML(grouppage_links), email_link, jabber_link, - recoverpass_link + " - " + enable_disable_link + recoverpass_link + enable_disable_link )) if data: @@ -97,7 +96,7 @@ browser = DataBrowserWidget(request) browser.setData(data) - return browser.toHTML() + return browser.toHTML(method="POST") # No data return ''
--- a/MoinMoin/widget/browser.py Sat Aug 30 18:09:28 2008 +0200 +++ b/MoinMoin/widget/browser.py Sun Aug 31 19:45:08 2008 +0200 @@ -93,11 +93,15 @@ common[2] = self._makeoption(self._notempty, value == self.__notempty, self.__notempty) return '\n'.join(common + result) - def format(self): + def format(self, method="GET"): + """ + formats the table + @param method: GET or POST method + """ fmt = self.request.formatter result = [] - result.append(fmt.rawHTML('<form action="%s/%s" method="GET" name="%sform">' % (self.request.getScriptname(), wikiutil.quoteWikinameURL(self.request.page.page_name), self.data_id))) + result.append(fmt.rawHTML('<form action="%s/%s" method="%s" name="%sform">' % (self.request.getScriptname(), wikiutil.quoteWikinameURL(self.request.page.page_name), method, self.data_id))) result.append(fmt.div(1)) havefilters = False @@ -189,6 +193,9 @@ toHTML = format # old name of "format" function DEPRECATED, will be removed in 1.7 - def render(self): - self.request.write(self.format()) + def render(self, method="GET"): + """ + @param method: GET or POST method + """ + self.request.write(self.format(method=method))