30 |
30 |
except ImportError:
|
31 |
31 |
qrcode = None
|
32 |
32 |
|
33 |
|
from quixote import get_publisher, get_request, get_response, get_session, redirect
|
|
33 |
from quixote import (get_publisher, get_request, get_response, get_session,
|
|
34 |
get_session_manager, redirect)
|
34 |
35 |
from quixote.directory import Directory, AccessControlled
|
35 |
36 |
from quixote.util import randbytes
|
36 |
37 |
from quixote.form.widget import *
|
... | ... | |
344 |
345 |
self.feed_current_data(magictoken)
|
345 |
346 |
|
346 |
347 |
form = self.formdef.create_form(page_no, displayed_fields)
|
|
348 |
if getattr(session, 'ajax_form_token', None):
|
|
349 |
form.add_hidden('_ajax_form_token', session.ajax_form_token)
|
347 |
350 |
if get_request().is_in_backoffice():
|
348 |
351 |
form.attrs['data-is-backoffice'] = 'true'
|
349 |
352 |
form.action = self.action_url
|
... | ... | |
512 |
515 |
return redirect(self.check_disabled())
|
513 |
516 |
|
514 |
517 |
session = get_session()
|
|
518 |
if self.formdef.enable_tracking_codes:
|
|
519 |
if get_request().form.get('_ajax_form_token'):
|
|
520 |
# _ajax_form_token is immediately removed, this prevents
|
|
521 |
# late autosave() to overwrite data after the user went to a
|
|
522 |
# different page.
|
|
523 |
try:
|
|
524 |
session.remove_form_token(get_request().form.get('_ajax_form_token'))
|
|
525 |
except ValueError:
|
|
526 |
# already got removed, this may be because the form got
|
|
527 |
# submitted twice.
|
|
528 |
pass
|
|
529 |
session.ajax_form_token = session.create_form_token()
|
515 |
530 |
|
516 |
531 |
if get_request().form.get('magictoken'):
|
517 |
532 |
no_magic = object()
|
... | ... | |
808 |
823 |
def result_error(reason):
|
809 |
824 |
return json.dumps({'result': 'error', 'reason': reason})
|
810 |
825 |
|
|
826 |
if not get_session().has_form_token(get_request().form.get('_ajax_form_token')):
|
|
827 |
return result_error('obsolete ajax form token')
|
|
828 |
|
811 |
829 |
try:
|
812 |
830 |
page_no = int(get_request().form.get('page'))
|
813 |
831 |
except TypeError:
|
... | ... | |
831 |
849 |
return result_error('nothing to save')
|
832 |
850 |
|
833 |
851 |
form_data.update(data)
|
|
852 |
|
|
853 |
# reload session to make sure _ajax_form_token is still valid
|
|
854 |
session = get_session_manager().get(get_session().id)
|
|
855 |
if not session.has_form_token(get_request().form.get('_ajax_form_token')):
|
|
856 |
return result_error('obsolete ajax form token (late check)')
|
|
857 |
|
834 |
858 |
draft_formdata = self.save_draft(form_data, page_no)
|
835 |
859 |
|
836 |
860 |
return json.dumps({'result': 'success'})
|
837 |
|
-
|
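Review bot: In the autosave late check (new lines 853-856) the session re-fetched with `get_session_manager().get(get_session().id)` is dereferenced without a None test, so if that lookup returns nothing for a session dropped in the meantime (logout, expiry), the request would raise AttributeError instead of returning the JSON error the other paths use; how the manager's `get()` behaves is not visible here. Failing closed would be `if session is None or not session.has_form_token(get_request().form.get('_ajax_form_token')):`. The reload narrows the window in which a late autosave can overwrite data but does not close it, because the token can still be removed between this check and `self.save_draft(form_data, page_no)`; a comment above the check such as `# narrows the race with submit; not atomic with save_draft()` would keep later readers from treating it as a guarantee. The first check at new line 826 is unconditional while the token is only issued under `enable_tracking_codes` at new line 518, so it is worth confirming that autosave cannot be reached for forms without tracking codes, where every request would be rejected as obsolete. The enclosing functions start and end outside the visible hunks.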