Fixes for csrf token in generate_admin_class
parent
cd616efab1
commit
3aedbaa10f
3 changed files with 5 additions and 1 deletions
|
|
@ -248,6 +248,6 @@ def check_csrf(name_csrf_token='csrf_token'):
|
||||||
csrf_token=session.get('csrf_token', '')
|
csrf_token=session.get('csrf_token', '')
|
||||||
|
|
||||||
if csrf_token=='' or csrf_token!=request.form.get(name_csrf_token):
|
if csrf_token=='' or csrf_token!=request.form.get(name_csrf_token):
|
||||||
abort(404)
|
abort(403)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
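Review bot: The unchanged line `if csrf_token=='' or csrf_token!=request.form.get(name_csrf_token):` compares the secret token with ordinary string inequality, which is not constant-time. The usual form is `submitted=request.form.get(name_csrf_token, '')` followed by `if csrf_token=='' or not hmac.compare_digest(csrf_token.encode(), submitted.encode()):`. That needs `import hmac` at the top of the module if it is not already imported there. The `def check_csrf` line appears only in the hunk header, so the rest of the function lies outside this view.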
@ -24,6 +24,7 @@ from paramecio2.libraries.urls import add_get_parameters
|
||||||
from paramecio2.libraries.formsutils import show_form
|
from paramecio2.libraries.formsutils import show_form
|
||||||
from paramecio2.libraries.mtemplates import env_theme, PTemplate
|
from paramecio2.libraries.mtemplates import env_theme, PTemplate
|
||||||
from paramecio2.libraries.i18n import I18n, PGetText
|
from paramecio2.libraries.i18n import I18n, PGetText
|
||||||
|
from paramecio2.libraries.formsutils import check_csrf
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
|
||||||
pgettext=PGetText(__file__)
|
pgettext=PGetText(__file__)
|
||||||
|
|
@ -173,6 +174,8 @@ class GenerateAdminClass:
|
||||||
|
|
||||||
elif op_admin=='2':
|
elif op_admin=='2':
|
||||||
|
|
||||||
|
check_csrf()
|
||||||
|
|
||||||
self.model.reset_conditions()
|
self.model.reset_conditions()
|
||||||
|
|
||||||
insert_row=self.model.insert
|
insert_row=self.model.insert
|
||||||
|
|
|
||||||
|
|
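Review bot: `check_csrf()` is called only in the `op_admin=='2'` branch shown here; if other branches of this method also change data (a delete or update path would be the usual candidates, though none is visible in this hunk), they need the same call before touching the model. A short comment above the call would record why it comes first, e.g. `# Reject requests without a valid CSRF token before any model state is changed (aborts with 403)`. The import added in the hunk at line 24 could be merged with the existing one as `from paramecio2.libraries.formsutils import show_form, check_csrf`. The enclosing method of `GenerateAdminClass` starts and ends outside the hunk.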
@ -23,4 +23,5 @@
|
||||||
${form.form()|n}
|
${form.form()|n}
|
||||||
% endif
|
% endif
|
||||||
% endfor
|
% endfor
|
||||||
|
${csrf_token()|n}
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
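Review bot: `${csrf_token()|n}` is emitted after the `% endfor` and just before `</div>`, and this hunk does not show whether that position is still inside the `<form>` element. A hidden field rendered outside the form would not be submitted, so every POST would then fail `check_csrf()` with 403. Because `|n` turns off Mako's escaping, `csrf_token()` has to return markup that is already safe, with the token value escaped by the helper itself. The field name it emits must also match the `name_csrf_token='csrf_token'` default that `check_csrf()` reads from `request.form`. A template comment such as `## CSRF hidden field, verified by check_csrf() on insert` would document that coupling.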