[Pypi-checkins] r964 - trunk/pypi
richard
python-checkins at python.org
Tue Aug 23 09:19:33 CEST 2011
Author: richard
Date: Tue Aug 23 09:19:32 2011
New Revision: 964
Modified:
trunk/pypi/webui.py
Log:
catch more pages that should not have the CSRF injected
Modified: trunk/pypi/webui.py
==============================================================================
--- trunk/pypi/webui.py (original)
+++ trunk/pypi/webui.py Tue Aug 23 09:19:32 2011
@@ -338,7 +338,7 @@
content = template(**context)
# dynamic insertion of CSRF token into FORMs
- if '"POST"' in content and filename != 'pkg_edit.pt':
+ if '"POST"' in content and self.authenticated:
token = '<input type="hidden" name="CSRFToken" value="%s">' % (
self.store.get_token(self.username),)
temp = content.split('\n')
More information about the Pypi-checkins
mailing list