Mercurial > moin > 1.9

changeset 4055:f7e942210f52

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug fix for MoinMoinBugs/SystemAdminMailAccountData by using POST and forms for recoverpass and enable/disable useraccount
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Sun, 31 Aug 2008 19:45:08 +0200
parents 49f330e9831a
children e513bd09cb3b
files MoinMoin/userform/admin.py MoinMoin/widget/browser.py
diffstat 2 files changed, 37 insertions(+), 31 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/userform/admin.py	Sat Aug 30 18:09:28 2008 +0200
+++ b/MoinMoin/userform/admin.py	Sun Aug 31 19:45:08 2008 +0200
@@ -10,7 +10,7 @@
 from MoinMoin import user, wikiutil
 from MoinMoin.util.dataset import TupleDataset, Column
 from MoinMoin.Page import Page
-
+from MoinMoin.widget import html
 
 def do_user_browser(request):
     """ Browser for SystemAdmin macro. """
@@ -42,33 +42,32 @@
         else:
             namelink = wikiutil.escape(account.name)
 
+        # creates the POST data for account disable/enable
+        val = "1"
+        text=_('Disable user')
         if account.disabled:
-            enable_disable_link = request.page.link_to(
-                                    request, text=_('Enable user'),
-                                    querystr={"action": "userprofile",
-                                              "name": account.name,
-                                              "key": "disabled",
-                                              "val": "0",
-                                             },
-                                    rel='nofollow')
+            text=_('Enable user')
+            val = "0"
             namelink += " (%s)" % _("disabled")
-        else:
-            enable_disable_link = request.page.link_to(
-                                    request, text=_('Disable user'),
-                                    querystr={"action": "userprofile",
-                                              "name": account.name,
-                                              "key": "disabled",
-                                              "val": "1",
-                                             },
-                                    rel='nofollow')
+
+        url = request.page.url(request)
+        ret = html.FORM(action=url)
+        ret.append(html.INPUT(type='hidden', name='action', value='userprofile'))
+        ret.append(html.INPUT(type='hidden', name='name', value=account.name))
+        ret.append(html.INPUT(type='hidden', name='key', value="disabled"))
+        ret.append(html.INPUT(type='hidden', name='val', value=val))
+        ret.append(html.INPUT(type='submit', name='userprofile', value=text))
+        enable_disable_link = unicode(unicode(ret))
 
-        recoverpass_link = request.page.link_to(
-                            request, text=_('Mail account data'),
-                            querystr={"action": "recoverpass",
-                                      "email": account.email,
-                                      "account_sendmail": "1",
-                                      "sysadm": "users", },
-                            rel='nofollow')
+        # creates the POST data for recoverpass
+        url = request.page.url(request)
+        ret = html.FORM(action=url)
+        ret.append(html.INPUT(type='hidden', name='action', value='recoverpass'))
+        ret.append(html.INPUT(type='hidden', name='email', value=account.email))
+        ret.append(html.INPUT(type='hidden', name='account_sendmail', value="1"))
+        ret.append(html.INPUT(type='hidden', name='sysadm', value="users"))
+        ret.append(html.INPUT(type='submit', name='recoverpass', value=_('Mail account data')))
+        recoverpass_link =  unicode(unicode(ret))
 
         if account.email:
             email_link = (request.formatter.url(1, 'mailto:' + account.email, css='mailto') +
@@ -89,7 +88,7 @@
             request.formatter.rawHTML(grouppage_links),
             email_link,
             jabber_link,
-            recoverpass_link + " - " + enable_disable_link
+            recoverpass_link + enable_disable_link
         ))
 
     if data:
@@ -97,7 +96,7 @@
 
         browser = DataBrowserWidget(request)
         browser.setData(data)
-        return browser.toHTML()
+        return browser.toHTML(method="POST")
 
     # No data
     return ''
--- a/MoinMoin/widget/browser.py	Sat Aug 30 18:09:28 2008 +0200
+++ b/MoinMoin/widget/browser.py	Sun Aug 31 19:45:08 2008 +0200
@@ -93,11 +93,15 @@
         common[2] = self._makeoption(self._notempty, value == self.__notempty, self.__notempty)
         return '\n'.join(common + result)
 
-    def format(self):
+    def format(self, method="GET"):
+        """
+        formats the table
+        @param method: GET or POST method
+        """
         fmt = self.request.formatter
 
         result = []
-        result.append(fmt.rawHTML('<form action="%s/%s" method="GET" name="%sform">' % (self.request.getScriptname(), wikiutil.quoteWikinameURL(self.request.page.page_name), self.data_id)))
+        result.append(fmt.rawHTML('<form action="%s/%s" method="%s" name="%sform">' % (self.request.getScriptname(), wikiutil.quoteWikinameURL(self.request.page.page_name), method, self.data_id)))
         result.append(fmt.div(1))
 
         havefilters = False
@@ -189,6 +193,9 @@
 
     toHTML = format # old name of "format" function DEPRECATED, will be removed in 1.7
 
-    def render(self):
-        self.request.write(self.format())
+    def render(self, method="GET"):
+        """
+        @param method: GET or POST method
+        """
+        self.request.write(self.format(method=method))