fnp / redakcja.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
filebrowser csrf issues fix
[redakcja.git] / apps / filebrowser / views.py
diff --git a/apps/filebrowser/views.py b/apps/filebrowser/views.py
index 7c2967a..80ed696 100644 (file)
--- a/apps/filebrowser/views.py
+++ b/apps/filebrowser/views.py
@@ -15,6 +15,7 @@ from django import forms
 from django.core.urlresolvers import reverse
 from django.core.exceptions import ImproperlyConfigured
 from django.dispatch import Signal
 from django.core.urlresolvers import reverse
 from django.core.exceptions import ImproperlyConfigured
 from django.dispatch import Signal
+from django.views.decorators.csrf import csrf_exempt
 
 from django.utils.encoding import smart_unicode, smart_str
 
 
 from django.utils.encoding import smart_unicode, smart_str
 
@@ -186,6 +187,7 @@ def mkdir(request):
 mkdir = staff_member_required(never_cache(mkdir))
 
 
 mkdir = staff_member_required(never_cache(mkdir))
 
 
+@csrf_exempt
 def upload(request):
     """
     Multipe File Upload.
 def upload(request):
     """
     Multipe File Upload.
@@ -217,6 +219,7 @@ def upload(request):
 upload = staff_member_required(never_cache(upload))
 
 
 upload = staff_member_required(never_cache(upload))
 
 
+@csrf_exempt
 def _check_file(request):
     """
     Check if file already exists on the server.
 def _check_file(request):
     """
     Check if file already exists on the server.
@@ -249,6 +252,7 @@ def _upload_file(request):
     Upload file to the server.
     """
 
     Upload file to the server.
     """
 
+    print 'a'
     from django.core.files.move import file_move_safe
 
     if request.method == 'POST':
     from django.core.files.move import file_move_safe
 
     if request.method == 'POST':
@@ -272,7 +276,7 @@ def _upload_file(request):
             # POST UPLOAD SIGNAL
             filebrowser_post_upload.send(sender=request, path=request.POST.get('folder'), file=FileObject(os.path.join(DIRECTORY, folder, filedata.name)))
     return HttpResponse('True')
             # POST UPLOAD SIGNAL
             filebrowser_post_upload.send(sender=request, path=request.POST.get('folder'), file=FileObject(os.path.join(DIRECTORY, folder, filedata.name)))
     return HttpResponse('True')
-_upload_file = flash_login_required(_upload_file)
+_upload_file = csrf_exempt(flash_login_required(_upload_file))
 
 
 # delete signals
 
 
 # delete signals