@@ -68,8 +68,8 b' class AdminSessionSettingsView(BaseAppVi' | |||
|
68 | 68 | return self._get_template_context(c) |
|
69 | 69 | |
|
70 | 70 | @LoginRequired() |
|
71 | @HasPermissionAllDecorator('hg.admin') | |
|
71 | 72 | @CSRFRequired() |
|
72 | @HasPermissionAllDecorator('hg.admin') | |
|
73 | 73 | @view_config( |
|
74 | 74 | route_name='admin_settings_sessions_cleanup', request_method='POST') |
|
75 | 75 | def settings_sessions_cleanup(self): |
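Review bot: The decorator order on `settings_sessions_cleanup` is changed without a comment saying why the order matters. Assuming these decorators wrap the view in the usual way, the outermost one runs first, so a request now passes `@LoginRequired()`, then `@HasPermissionAllDecorator('hg.admin')`, and only then `@CSRFRequired()`, which matches the other POST views on this page. A one-line comment above the stack, for example `# order: login -> permission -> CSRF`, would keep later edits from drifting. The same applies to the reorder in `SvnConfigAdminSettingsView`. The method body continues outside the hunk.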
@@ -33,8 +33,8 b' log = logging.getLogger(__name__)' | |||
|
33 | 33 | class SvnConfigAdminSettingsView(BaseAppView): |
|
34 | 34 | |
|
35 | 35 | @LoginRequired() |
|
36 | @HasPermissionAllDecorator('hg.admin') | |
|
36 | 37 | @CSRFRequired() |
|
37 | @HasPermissionAllDecorator('hg.admin') | |
|
38 | 38 | @view_config( |
|
39 | 39 | route_name='admin_settings_vcs_svn_generate_cfg', |
|
40 | 40 | request_method='POST', renderer='json') |
@@ -251,6 +251,7 b' class AdminUsersView(BaseAppView, DataGr' | |||
|
251 | 251 | |
|
252 | 252 | @LoginRequired() |
|
253 | 253 | @HasPermissionAllDecorator('hg.admin') |
|
254 | @CSRFRequired() | |
|
254 | 255 | @view_config( |
|
255 | 256 | route_name='edit_user_groups_management_updates', request_method='POST') |
|
256 | 257 | def groups_management_updates(self): |
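Review bot: `groups_management_updates` gets `@CSRFRequired()` by hand, and nothing visible here ties `request_method='POST'` to that decorator, so a later POST view can be registered without it just as this one was. The same manual addition is made for `repo_caches_purge`, `edit_repo_advanced_delete`, `strip_check` and `strip_execute`. A test that posts to each of these routes without a token and expects a rejection would pin the fix; whether such tests exist is not visible on this page. The method body continues outside the hunk.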
@@ -24,7 +24,8 b' from pyramid.httpexceptions import HTTPF' | |||
|
24 | 24 | from pyramid.view import view_config |
|
25 | 25 | |
|
26 | 26 | from rhodecode.apps._base import RepoAppView |
|
27 | from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator | |
|
27 | from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \ | |
|
28 | CSRFRequired | |
|
28 | 29 | from rhodecode.lib import helpers as h |
|
29 | 30 | from rhodecode.model.meta import Session |
|
30 | 31 | from rhodecode.model.scm import ScmModel |
@@ -55,6 +56,7 b' class RepoCachesView(RepoAppView):' | |||
|
55 | 56 | |
|
56 | 57 | @LoginRequired() |
|
57 | 58 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
59 | @CSRFRequired() | |
|
58 | 60 | @view_config( |
|
59 | 61 | route_name='edit_repo_caches', request_method='POST') |
|
60 | 62 | def repo_caches_purge(self): |
@@ -73,6 +73,7 b' class RepoSettingsView(RepoAppView):' | |||
|
73 | 73 | |
|
74 | 74 | @LoginRequired() |
|
75 | 75 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
76 | @CSRFRequired() | |
|
76 | 77 | @view_config( |
|
77 | 78 | route_name='edit_repo_advanced_delete', request_method='POST', |
|
78 | 79 | renderer='rhodecode:templates/admin/repos/repo_edit.mako') |
@@ -25,7 +25,7 b' from rhodecode.apps._base import RepoApp' | |||
|
25 | 25 | from rhodecode.lib import audit_logger |
|
26 | 26 | from rhodecode.lib import helpers as h |
|
27 | 27 | from rhodecode.lib.auth import (LoginRequired, HasRepoPermissionAnyDecorator, |
|
28 | NotAnonymous) | |
|
28 | NotAnonymous, CSRFRequired) | |
|
29 | 29 | from rhodecode.lib.ext_json import json |
|
30 | 30 | |
|
31 | 31 | log = logging.getLogger(__name__) |
@@ -55,6 +55,7 b' class StripView(RepoAppView):' | |||
|
55 | 55 | |
|
56 | 56 | @LoginRequired() |
|
57 | 57 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
58 | @CSRFRequired() | |
|
58 | 59 | @view_config( |
|
59 | 60 | route_name='strip_check', request_method='POST', |
|
60 | 61 | renderer='json', xhr=True) |
@@ -80,6 +81,7 b' class StripView(RepoAppView):' | |||
|
80 | 81 | |
|
81 | 82 | @LoginRequired() |
|
82 | 83 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
84 | @CSRFRequired() | |
|
83 | 85 | @view_config( |
|
84 | 86 | route_name='strip_execute', request_method='POST', |
|
85 | 87 | renderer='json', xhr=True) |
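Review bot: `strip_execute` now receives a `csrf_token` field in the same POST body as the per-commit entries, because the template posts `resultData`, which holds `'csrf_token'` next to the `index` keys. The body of `strip_execute` is outside the hunk; if it loops over every POST key and decodes each value as JSON, it has to skip the token, e.g. `if key == 'csrf_token': continue` (loop variable name assumed). This is worth confirming before merge, along with a test for a request that carries a valid token.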
@@ -104,7 +104,9 b' delOld = function(number){' | |||
|
104 | 104 | |
|
105 | 105 | }; |
|
106 | 106 | |
|
107 |
var result |
|
|
107 | var resultData = { | |
|
108 | 'csrf_token': CSRF_TOKEN | |
|
109 | }; | |
|
108 | 110 | |
|
109 | 111 | checkCommits = function() { |
|
110 | 112 | var postData = $('form').serialize(); |
@@ -116,14 +118,16 b' checkCommits = function() {' | |||
|
116 | 118 | btn.addClass('disabled'); |
|
117 | 119 | |
|
118 | 120 | var success = function (data) { |
|
119 |
result |
|
|
121 | resultData = { | |
|
122 | 'csrf_token': CSRF_TOKEN | |
|
123 | }; | |
|
120 | 124 | var i = 0; |
|
121 | 125 | var result = '<ol>'; |
|
122 | 126 | $.each(data, function(index, value){ |
|
123 | 127 | i= index; |
|
124 | 128 | var box = $('#box-'+index); |
|
125 | 129 | if (value.rev){ |
|
126 |
result |
|
|
130 | resultData[index] = JSON.stringify(value); | |
|
127 | 131 | |
|
128 | 132 | var verifiedHtml = ( |
|
129 | 133 | '<li style="line-height:1.2em">' + |
@@ -185,7 +189,7 b' strip = function() {' | |||
|
185 | 189 | $('#results').html(result); |
|
186 | 190 | |
|
187 | 191 | }; |
|
188 |
ajaxPOST(url, result |
|
|
192 | ajaxPOST(url, resultData, success, null); | |
|
189 | 193 | var btn = $('#strip_action'); |
|
190 | 194 | btn.remove(); |
|
191 | 195 |
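Review bot: `checkCommits` still builds its payload only from `$('form').serialize()`, while `strip_check` now requires a CSRF token; unlike `resultData`, nothing in these hunks adds `csrf_token` to `postData`. If the form does not already contain a hidden `csrf_token` input (the markup and the request call are outside the hunks), the check request will be rejected. Separately, the `{'csrf_token': CSRF_TOKEN}` literal is written twice, once at declaration and once in the `success` callback; a small helper such as `var newResultData = function(){ return {'csrf_token': CSRF_TOKEN}; };` would keep the two in sync.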