csrf and honeypots
diff --git
a/apps/ajaxable/utils.py
b/apps/ajaxable/utils.py
index
02e8767
..
52cf638
100755
(executable)
--- a/
apps/ajaxable/utils.py
+++ b/
apps/ajaxable/utils.py
@@
-10,6
+10,7
@@
from django.utils.http import urlquote_plus
from django.utils import simplejson
from django.utils.translation import ugettext_lazy as _
from django.views.decorators.vary import vary_on_headers
from django.utils import simplejson
from django.utils.translation import ugettext_lazy as _
from django.views.decorators.vary import vary_on_headers
+from honeypot.decorators import verify_honeypot_value
class LazyEncoder(simplejson.JSONEncoder):
class LazyEncoder(simplejson.JSONEncoder):
@@
-76,6
+77,7
@@
class AjaxableFormView(object):
formname = "form"
form_prefix = None
full_template = "ajaxable/form_on_page.html"
formname = "form"
form_prefix = None
full_template = "ajaxable/form_on_page.html"
+ honeypot = False
@method_decorator(vary_on_headers('X-Requested-With'))
def __call__(self, request, *args, **kwargs):
@method_decorator(vary_on_headers('X-Requested-With'))
def __call__(self, request, *args, **kwargs):
@@
-86,6
+88,11
@@
class AjaxableFormView(object):
form_kwargs['prefix'] = self.form_prefix
if request.method == "POST":
form_kwargs['prefix'] = self.form_prefix
if request.method == "POST":
+ if self.honeypot:
+ response = verify_honeypot_value(request, None)
+ if response:
+ return response
+
# do I need to be logged in?
if self.POST_login and not request.user.is_authenticated():
return require_login(request)
# do I need to be logged in?
if self.POST_login and not request.user.is_authenticated():
return require_login(request)
@@
-136,6
+143,7
@@
class AjaxableFormView(object):
context = {
self.formname: form,
"title": title,
context = {
self.formname: form,
"title": title,
+ "honeypot": self.honeypot,
"placeholdize": self.placeholdize,
"submit": self.submit,
"response_data": response_data,
"placeholdize": self.placeholdize,
"submit": self.submit,
"response_data": response_data,