@@ -98,7 +98,6 b' class ChangelogController(BaseRepoContro' | |||||
98 | # TODO: Somehow just don't send this extra junk in the GET URL |
|
98 | # TODO: Somehow just don't send this extra junk in the GET URL | |
99 | if request.GET.get('set'): |
|
99 | if request.GET.get('set'): | |
100 | request.GET.pop('set', None) |
|
100 | request.GET.pop('set', None) | |
101 | request.GET.pop('_authentication_token', None) |
|
|||
102 | if revision is None: |
|
101 | if revision is None: | |
103 | return redirect(url('changelog_home', repo_name=repo_name, **request.GET)) |
|
102 | return redirect(url('changelog_home', repo_name=repo_name, **request.GET)) | |
104 | return redirect(url('changelog_file_home', repo_name=repo_name, revision=revision, f_path=f_path, **request.GET)) |
|
103 | return redirect(url('changelog_file_home', repo_name=repo_name, revision=revision, f_path=f_path, **request.GET)) |
@@ -36,12 +36,13 b' from webhelpers.html.builder import make' | |||||
36 | from webhelpers.html.tags import auto_discovery_link, checkbox, css_classes, \ |
|
36 | from webhelpers.html.tags import auto_discovery_link, checkbox, css_classes, \ | |
37 | end_form, file, hidden, image, javascript_link, link_to, \ |
|
37 | end_form, file, hidden, image, javascript_link, link_to, \ | |
38 | link_to_if, link_to_unless, ol, required_legend, select, stylesheet_link, \ |
|
38 | link_to_if, link_to_unless, ol, required_legend, select, stylesheet_link, \ | |
39 | submit, text, password, textarea, title, ul, xml_declaration, radio |
|
39 | submit, text, password, textarea, title, ul, xml_declaration, radio, \ | |
|
40 | form as insecure_form | |||
40 | from webhelpers.html.tools import auto_link, button_to, highlight, \ |
|
41 | from webhelpers.html.tools import auto_link, button_to, highlight, \ | |
41 | js_obfuscate, mail_to, strip_links, strip_tags, tag_re |
|
42 | js_obfuscate, mail_to, strip_links, strip_tags, tag_re | |
42 | from webhelpers.number import format_byte_size, format_bit_size |
|
43 | from webhelpers.number import format_byte_size, format_bit_size | |
43 | from webhelpers.pylonslib import Flash as _Flash |
|
44 | from webhelpers.pylonslib import Flash as _Flash | |
44 |
from webhelpers.pylonslib.secure_form import secure_form |
|
45 | from webhelpers.pylonslib.secure_form import secure_form, authentication_token | |
45 | from webhelpers.text import chop_at, collapse, convert_accented_entities, \ |
|
46 | from webhelpers.text import chop_at, collapse, convert_accented_entities, \ | |
46 | convert_misc_entities, lchop, plural, rchop, remove_formatting, \ |
|
47 | convert_misc_entities, lchop, plural, rchop, remove_formatting, \ | |
47 | replace_whitespace, urlify, truncate, wrap_paragraphs |
|
48 | replace_whitespace, urlify, truncate, wrap_paragraphs | |
@@ -1451,3 +1452,13 b' def ip_range(ip_addr):' | |||||
1451 | from kallithea.model.db import UserIpMap |
|
1452 | from kallithea.model.db import UserIpMap | |
1452 | s, e = UserIpMap._get_ip_range(ip_addr) |
|
1453 | s, e = UserIpMap._get_ip_range(ip_addr) | |
1453 | return '%s - %s' % (s, e) |
|
1454 | return '%s - %s' % (s, e) | |
|
1455 | ||||
|
1456 | ||||
|
1457 | def form(url, method="post", **attrs): | |||
|
1458 | """Like webhelpers.html.tags.form but automatically using secure_form with | |||
|
1459 | authentication_token for POST. authentication_token is thus never leaked | |||
|
1460 | in the URL.""" | |||
|
1461 | if method.lower() == 'get': | |||
|
1462 | return insecure_form(url, method=method, **attrs) | |||
|
1463 | # webhelpers will turn everything but GET into POST | |||
|
1464 | return secure_form(url, method=method, **attrs) |
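Review bot: The new `form` helper only protects callers that go through it, because `secure_form` is still imported under its public name in the import hunk above. A caller (presumably a template) that uses `secure_form` directly with `method='get'` would, as far as I can tell from the docstring, still end up with `_authentication_token` in the query string. The changelog controller hunk in this same commit removes `request.GET.pop('_authentication_token', None)`, so in that case nothing strips the token before the `**request.GET` redirect copies it into the Location URL. I would keep that pop as cheap defence in depth, or import the original as `secure_form as _secure_form` so it cannot be reached by name, provided nothing outside this diff relies on the public name. The docstring could also state that `method` must be a string and is compared case-insensitively, since `method.lower()` raises on `None`.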