Fixes

2016-05-25 13:50:45 +02:00 · 2016-05-25 13:50:45 +02:00 · f5adbc376a
commit f5adbc376a
parent bef630ec1d
6 changed files with 39 additions and 54 deletions
--- a/paramecio/citoplasma/httputils.py
+++ b/paramecio/citoplasma/httputils.py
@ -22,33 +22,37 @@ class GetPostFiles:
        
        self.get=request.query.decode()
    
-    def obtain_post(self, required_post=[]):
+    def obtain_post(self, required_post=[], ignore_csrf_token=False):
        
        self.post={}
        
        self.post=request.forms.decode()
        
+        if len(required_post)==0:
+            required_post=self.post.keys()
+        
        for post in required_post:
-            
            self.post[post]=self.post.get(post, '')
        
        s=get_session()
        
-        if 'csrf_token' in s:
-            
-            self.post['csrf_token']=self.post.get('csrf_token', '')
-            
-            if self.post['csrf_token']!=s['csrf_token'] and self.post['csrf_token'].strip()!="":
+        if ignore_csrf_token==False:
+        
+            if 'csrf_token' in s:
                
-                raise NameError('Error: you need a valid csrf_token')
-            else:
-                #Clean csrf_token
-                
-                del s['csrf_token']
+                self.post['csrf_token']=self.post.get('csrf_token', '')
                
+                if self.post['csrf_token']!=s['csrf_token'] and self.post['csrf_token'].strip()!="":
+                    
+                    raise NameError('Error: you need a valid csrf_token')
+                else:
+                    #Clean csrf_token
+                    
+                    del s['csrf_token']
+                    

-        else:
-            raise NameError('Error: you don\'t send any valid csrf_token')
+            else:
+                raise NameError('Error: you don\'t send any valid csrf_token')

        #Check post_token