@@ -98,7 +98,6 b' class ChangelogController(BaseRepoContro' | |||
|
98 | 98 | # TODO: Somehow just don't send this extra junk in the GET URL |
|
99 | 99 | if request.GET.get('set'): |
|
100 | 100 | request.GET.pop('set', None) |
|
101 | request.GET.pop('_authentication_token', None) | |
|
102 | 101 | if revision is None: |
|
103 | 102 | return redirect(url('changelog_home', repo_name=repo_name, **request.GET)) |
|
104 | 103 | return redirect(url('changelog_file_home', repo_name=repo_name, revision=revision, f_path=f_path, **request.GET)) |
@@ -36,12 +36,13 b' from webhelpers.html.builder import make' | |||
|
36 | 36 | from webhelpers.html.tags import auto_discovery_link, checkbox, css_classes, \ |
|
37 | 37 | end_form, file, hidden, image, javascript_link, link_to, \ |
|
38 | 38 | link_to_if, link_to_unless, ol, required_legend, select, stylesheet_link, \ |
|
39 | submit, text, password, textarea, title, ul, xml_declaration, radio | |
|
39 | submit, text, password, textarea, title, ul, xml_declaration, radio, \ | |
|
40 | form as insecure_form | |
|
40 | 41 | from webhelpers.html.tools import auto_link, button_to, highlight, \ |
|
41 | 42 | js_obfuscate, mail_to, strip_links, strip_tags, tag_re |
|
42 | 43 | from webhelpers.number import format_byte_size, format_bit_size |
|
43 | 44 | from webhelpers.pylonslib import Flash as _Flash |
|
44 |
from webhelpers.pylonslib.secure_form import secure_form |
|
|
45 | from webhelpers.pylonslib.secure_form import secure_form, authentication_token | |
|
45 | 46 | from webhelpers.text import chop_at, collapse, convert_accented_entities, \ |
|
46 | 47 | convert_misc_entities, lchop, plural, rchop, remove_formatting, \ |
|
47 | 48 | replace_whitespace, urlify, truncate, wrap_paragraphs |
@@ -1451,3 +1452,13 b' def ip_range(ip_addr):' | |||
|
1451 | 1452 | from kallithea.model.db import UserIpMap |
|
1452 | 1453 | s, e = UserIpMap._get_ip_range(ip_addr) |
|
1453 | 1454 | return '%s - %s' % (s, e) |
|
1455 | ||
|
1456 | ||
|
1457 | def form(url, method="post", **attrs): | |
|
1458 | """Like webhelpers.html.tags.form but automatically using secure_form with | |
|
1459 | authentication_token for POST. authentication_token is thus never leaked | |
|
1460 | in the URL.""" | |
|
1461 | if method.lower() == 'get': | |
|
1462 | return insecure_form(url, method=method, **attrs) | |
|
1463 | # webhelpers will turn everything but GET into POST | |
|
1464 | return secure_form(url, method=method, **attrs) |
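Review bot: The docstring of the new `form()` helper promises more than the code can guarantee: the token stays out of the URL only for forms built through this wrapper, and `secure_form` is still imported next to it, so any caller that reaches it directly with `method='get'` would still put `_authentication_token` into the query string. That matters more now that the changelog controller no longer pops `_authentication_token` from `request.GET` before redirecting. The wrapper also hands the token to whatever `url` a non-GET form posts to, so an off-site action would receive it. I would extend the docstring with `Use this instead of secure_form. Only pass same-site URLs: the token is submitted to the form target.` Whether any template still calls `secure_form` directly or passes an external URL is not visible in these hunks, so both are worth checking before merge.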