@@ -1,3 +1,4 b'' | |||||
|
1 | from dbus.decorators import method | |||
1 | from django.core.urlresolvers import reverse |
|
2 | from django.core.urlresolvers import reverse | |
2 | from django.core.files import File |
|
3 | from django.core.files import File | |
3 | from django.core.files.temp import NamedTemporaryFile |
|
4 | from django.core.files.temp import NamedTemporaryFile | |
@@ -6,6 +7,8 b' from django.db import transaction' | |||||
6 | from django.http import Http404 |
|
7 | from django.http import Http404 | |
7 | from django.shortcuts import render, redirect |
|
8 | from django.shortcuts import render, redirect | |
8 | import requests |
|
9 | import requests | |
|
10 | from django.utils.decorators import method_decorator | |||
|
11 | from django.views.decorators.csrf import csrf_protect | |||
9 |
|
12 | |||
10 | from boards import utils, settings |
|
13 | from boards import utils, settings | |
11 | from boards.abstracts.paginator import get_paginator |
|
14 | from boards.abstracts.paginator import get_paginator | |
@@ -43,6 +46,7 b' class AllThreadsView(PostMixin, FileUplo' | |||||
43 | self.settings_manager = None |
|
46 | self.settings_manager = None | |
44 | super(AllThreadsView, self).__init__() |
|
47 | super(AllThreadsView, self).__init__() | |
45 |
|
48 | |||
|
49 | @method_decorator(csrf_protect) | |||
46 | def get(self, request, form: ThreadForm=None): |
|
50 | def get(self, request, form: ThreadForm=None): | |
47 | page = request.GET.get('page', DEFAULT_PAGE) |
|
51 | page = request.GET.get('page', DEFAULT_PAGE) | |
48 |
|
52 | |||
@@ -81,6 +85,7 b' class AllThreadsView(PostMixin, FileUplo' | |||||
81 |
|
85 | |||
82 | return render(request, TEMPLATE, params) |
|
86 | return render(request, TEMPLATE, params) | |
83 |
|
87 | |||
|
88 | @method_decorator(csrf_protect) | |||
84 | def post(self, request): |
|
89 | def post(self, request): | |
85 | form = ThreadForm(request.POST, request.FILES, |
|
90 | form = ThreadForm(request.POST, request.FILES, | |
86 | error_class=PlainErrorList) |
|
91 | error_class=PlainErrorList) |
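Review bot: The first hunk adds `from dbus.decorators import method` at new line 1, and nothing in the visible hunks of this file uses `method`; the decorators actually applied are `method_decorator` and `csrf_protect`. It looks like an accidental auto-import, and it would make this view module fail to import on any host without the dbus bindings installed. I would drop that line and keep only `from django.utils.decorators import method_decorator` and `from django.views.decorators.csrf import csrf_protect`. The bodies of `get` and `post` continue outside the hunks.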
@@ -7,6 +7,9 b' from django.db.models import Count' | |||||
7 | from django.http import HttpResponse |
|
7 | from django.http import HttpResponse | |
8 | from django.shortcuts import get_object_or_404 |
|
8 | from django.shortcuts import get_object_or_404 | |
9 | from django.core import serializers |
|
9 | from django.core import serializers | |
|
10 | from django.template.context_processors import csrf | |||
|
11 | from django.views.decorators.csrf import csrf_protect | |||
|
12 | ||||
10 | from boards.abstracts.settingsmanager import get_settings_manager,\ |
|
13 | from boards.abstracts.settingsmanager import get_settings_manager,\ | |
11 | FAV_THREAD_NO_UPDATES |
|
14 | FAV_THREAD_NO_UPDATES | |
12 |
|
15 | |||
@@ -75,6 +78,7 b' def api_get_threaddiff(request):' | |||||
75 | return HttpResponse(content=json.dumps(json_data)) |
|
78 | return HttpResponse(content=json.dumps(json_data)) | |
76 |
|
79 | |||
77 |
|
80 | |||
|
81 | @csrf_protect | |||
78 | def api_add_post(request, opening_post_id): |
|
82 | def api_add_post(request, opening_post_id): | |
79 | """ |
|
83 | """ | |
80 | Adds a post and return the JSON response for it |
|
84 | Adds a post and return the JSON response for it |
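Review bot: `@csrf_protect` on `api_add_post` (new line 81) means every caller must now send the token, either as the `csrfmiddlewaretoken` form field or in the `X-CSRFToken` header; a request without it gets a 403 HTML page from Django's CSRF failure view, not the JSON this function documents. The client-side change is not in the visible hunks, so confirm the posting script sends the token, and consider a comment such as `# Requires the CSRF token (form field or X-CSRFToken header)` above the decorator. Separately, `from django.template.context_processors import csrf` at new line 10 is not used in any visible hunk here, and the same import is added in the thread view file; drop it in both if nothing else references it. The function body continues outside the hunk.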
@@ -4,6 +4,9 b' from django.core.exceptions import Objec' | |||||
4 | from django.core.urlresolvers import reverse |
|
4 | from django.core.urlresolvers import reverse | |
5 | from django.http import Http404 |
|
5 | from django.http import Http404 | |
6 | from django.shortcuts import get_object_or_404, render, redirect |
|
6 | from django.shortcuts import get_object_or_404, render, redirect | |
|
7 | from django.template.context_processors import csrf | |||
|
8 | from django.utils.decorators import method_decorator | |||
|
9 | from django.views.decorators.csrf import csrf_protect | |||
7 | from django.views.generic.edit import FormMixin |
|
10 | from django.views.generic.edit import FormMixin | |
8 | from django.utils import timezone |
|
11 | from django.utils import timezone | |
9 | from django.utils.dateformat import format |
|
12 | from django.utils.dateformat import format | |
@@ -39,6 +42,7 b" FORM_THREADS = 'threads'" | |||||
39 |
|
42 | |||
40 | class ThreadView(BaseBoardView, PostMixin, FormMixin, DispatcherMixin): |
|
43 | class ThreadView(BaseBoardView, PostMixin, FormMixin, DispatcherMixin): | |
41 |
|
44 | |||
|
45 | @method_decorator(csrf_protect) | |||
42 | def get(self, request, post_id, form: PostForm=None): |
|
46 | def get(self, request, post_id, form: PostForm=None): | |
43 | try: |
|
47 | try: | |
44 | opening_post = Post.objects.get(id=post_id) |
|
48 | opening_post = Post.objects.get(id=post_id) | |
@@ -85,6 +89,7 b' class ThreadView(BaseBoardView, PostMixi' | |||||
85 |
|
89 | |||
86 | return render(request, self.get_template(), params) |
|
90 | return render(request, self.get_template(), params) | |
87 |
|
91 | |||
|
92 | @method_decorator(csrf_protect) | |||
88 | def post(self, request, post_id): |
|
93 | def post(self, request, post_id): | |
89 | opening_post = get_object_or_404(Post, id=post_id) |
|
94 | opening_post = get_object_or_404(Post, id=post_id) | |
90 |
|
95 |
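Review bot: `@method_decorator(csrf_protect)` is attached to `get` and `post` one by one (new lines 45 and 92), so any handler added to `ThreadView` later is only covered if `CsrfViewMiddleware` is enabled globally, which the page does not show. Decorating `dispatch` once would cover every HTTP method and remove the duplication; whether `DispatcherMixin` or a base class already defines `dispatch` is not visible, so that needs checking first. The same pattern appears on `AllThreadsView` in the first file. Both method bodies continue outside the hunks.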
@@ -106,6 +106,7 b' TEMPLATES = [{' | |||||
106 | ]), |
|
106 | ]), | |
107 | ], |
|
107 | ], | |
108 | 'context_processors': [ |
|
108 | 'context_processors': [ | |
|
109 | 'django.template.context_processors.csrf', | |||
109 | 'django.core.context_processors.media', |
|
110 | 'django.core.context_processors.media', | |
110 | 'django.core.context_processors.static', |
|
111 | 'django.core.context_processors.static', | |
111 | 'django.core.context_processors.request', |
|
112 | 'django.core.context_processors.request', |
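Review bot: The added entry `'django.template.context_processors.csrf'` (new line 109) uses the `django.template.context_processors` path, while the three entries below it still use `django.core.context_processors`, the deprecated location that was removed in Django 1.10. In the Django versions that provide the new path, the template engine already applies the csrf processor to every `RequestContext`, so this line is likely redundant. The list would be more consistent if the other entries were moved to `django.template.context_processors.*` instead. The `TEMPLATES` definition starts and ends outside the hunk.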