changeset 103:8a9fdf02bf5b
Don't allow a GET request to modify the server state
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 14 Oct 2014 10:36:12 +0200 |
parents | 65341d05a8f8 |
children | 0e0572780aff |
files | farol/cache.py farol/templates/cache/load.j2 |
diffstat | 2 files changed, 1 insertions(+), 44 deletions(-) [+] |
--- a/farol/cache.py Tue Oct 14 10:25:43 2014 +0200
+++ b/farol/cache.py Tue Oct 14 10:36:12 2014 +0200
@@ -102,15 +102,8 @@
 del_current()
 return redirect(url_for('new'))
-@mod.route('/load/<element>', methods=['GET', 'POST'])
+@mod.route('/load/<element>', methods=['POST'])
 def load(element):
- if request.method != 'POST':
- if has_current():
- # Suggest to save first
- return render_template('cache/load.j2', element=element)
-
- # Ouch, GET request changing state of the server ...
-
 dirname = _caching_dir()
 element = secure_filename(element)
 if dirname is None:
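Review bot: Restricting `load` to `methods=['POST']` keeps links, prefetchers and crawlers from replacing the current document, but nothing in this hunk verifies a CSRF token, so a form on another origin can still submit the POST. Whether the application enforces a token globally is not visible here; if it does not, the check belongs before `dirname = _caching_dir()`. The removed branch was also the only `has_current()` test on this path, so an unsaved document is now replaced without a server-side confirmation unless every calling page asks first. I would at least record that contract above the decorator, e.g. `# State-changing: POST only; callers must confirm before replacing an unsaved document.` The body of `load` continues past the end of the hunk, so later checks may exist that are not shown.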
--- a/farol/templates/cache/load.j2 Tue Oct 14 10:25:43 2014 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-{#
-# Description:
-# Web Template used in Farol Design
-#
-# Authors:
-# BenoƮt Allard <benoit.allard@greenbone.net>
-#
-# Copyright:
-# Copyright (C) 2014 Greenbone Networks GmbH
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
--#}
-
-{% extends "base.j2" %}
-{% from "macros.j2" import textinput %}
-{% block title %}Edit the title{% endblock %}
-
-{% block content %}
-<p>You asked to load {{ element }}, but you still have an unsaved document loaded. Do you want to <a href="{{ url_for('.save') }}">save</a> it first ?</p>
-<form role="form" method="POST">
-<button class="btn btn-primary" type="submit">Load "{{ element }}"</button>
-<a class="btn btn-danger" href="{{ url_for('welcome') }}">Cancel</a>
-</form>
-{% endblock %}