0002-forms-don-t-let-autosave-with-errors-modify-user-ses.patch

Frédéric Péters, 20 janvier 2016 14:32

Voir les différences: en ligne côte à côte

Subject: [PATCH 2/4] forms: don't let autosave() with errors modify user
 session (#9701)

 wcs/forms/root.py          | 1 +
 wcs/qommon/http_request.py | 1 +
 wcs/qommon/publisher.py    | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)

wcs/forms/root.py
821	821	def autosave(self):
822	822	get_response().set_content_type('application/json')
823	823	def result_error(reason):
	824	get_request().ignore_session = True
824	825	return json.dumps({'result': 'error', 'reason': reason})
825	826
826	827	if not get_session().has_form_token(get_request().form.get('_ajax_form_token')):

wcs/qommon/http_request.py
30	30	self.response = HTTPResponse()
31	31	self.charset = get_publisher().site_charset
32	32	self.is_json_marker = None
	33	self.ignore_session = False
33	34
34	35	_user = () # use empty tuple instead of None as None is a "valid" user value
35	36	def get_user(self):

             client.captureException(exc_tuple, extra=extra, tags=tags)
         def finish_successful_request(self):
             Publisher.finish_successful_request(self)
             if not self.get_request().ignore_session:
                 self.session_manager.finish_successful_request()
             self.statsd.increment('successful-request')
         def finish_failed_request(self):
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0002-forms-don-t-let-autosave-with-errors-modify-user-ses.patch