-rw-r--r-- | askbot/doc/source/changelog.rst | 2 | ||||
-rw-r--r-- | askbot/views/commands.py | 7 | ||||
-rw-r--r-- | askbot/views/readers.py | 2 | ||||
-rw-r--r-- | askbot/views/users.py | 1 | ||||
-rw-r--r-- | askbot/views/writers.py | 6 |
5 files changed, 17 insertions, 1 deletions
diff --git a/askbot/doc/source/changelog.rst b/askbot/doc/source/changelog.rst index b0b39382..3138110d 100644 --- a/askbot/doc/source/changelog.rst +++ b/askbot/doc/source/changelog.rst @@ -7,6 +7,8 @@ Development version (not released yet) ``ALLOW_UNICODE_SLUGS = True`` (Evgeny) * added verification of the project directory name to make sure it does not contain a `.` (dot) symbol (Evgeny) +* made askbot compatible with django's `CSRFViewMiddleware` + that may be used for other projects (Evgeny) 0.7.36 (Dec 20, 2011) --------------------- diff --git a/askbot/views/commands.py b/askbot/views/commands.py index 2022b148..3aeba161 100644 --- a/askbot/views/commands.py +++ b/askbot/views/commands.py @@ -78,6 +78,7 @@ def process_vote(user = None, vote_direction = None, post = None): return response_data +@csrf.csrf_exempt def manage_inbox(request): """delete, mark as new or seen user's response memo objects, excluding flags @@ -136,6 +137,7 @@ def manage_inbox(request): return HttpResponse(data, mimetype="application/json") +@csrf.csrf_exempt def vote(request, id): """ todo: this subroutine needs serious refactoring it's too long and is hard to understand @@ -346,6 +348,7 @@ def vote(request, id): return HttpResponse(data, mimetype="application/json") #internally grouped views - used by the tagging system +@csrf.csrf_exempt @decorators.ajax_login_required def mark_tag(request, **kwargs):#tagging system action = kwargs['action'] @@ -473,6 +476,7 @@ def api_get_questions(request): raise ValidationError('InvalidInput') +@csrf.csrf_exempt @decorators.ajax_login_required def set_tag_filter_strategy(request): """saves data in the ``User.display_tag_filter_strategy`` @@ -548,6 +552,7 @@ def reopen(request, id):#re-open question return HttpResponseRedirect(question.get_absolute_url()) +@csrf.csrf_exempt @decorators.ajax_only def swap_question_with_answer(request): """receives two json parameters - answer id 
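Review bot: The `@csrf.csrf_exempt` added above `manage_inbox` switches CSRF checking off for a view whose docstring says it deletes and re-marks the user's memo objects, so the request is authorised by the session cookie alone and any third-party page open in a logged-in browser can trigger it. The same concern applies to the `vote`, `mark_tag`, `set_tag_filter_strategy` and `swap_question_with_answer` hunks on this line and, judging by their names, to `upvote_comment`, `read_message`, `update_has_custom_avatar`, `upload`, `retag_question`, `post_comments`, `edit_comment` and `delete_comment` further down. Compatibility with `CsrfViewMiddleware` does not require the exemption: the AJAX client can send the `csrftoken` cookie value in the `X-CSRFToken` request header, which the middleware accepts in place of the form field. If the exemptions have to stay for now, I would mark each with a comment such as `# TODO: remove csrf_exempt once the JS client sends X-CSRFToken` so they are tracked and removed. All of these function bodies continue outside the hunks.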
@@ -565,6 +570,7 @@ def swap_question_with_answer(request): } raise Http404 +@csrf.csrf_exempt @decorators.ajax_only @decorators.post_only def upvote_comment(request): @@ -585,6 +591,7 @@ def upvote_comment(request): return {'score': comment.score} #askbot-user communication system +@csrf.csrf_exempt def read_message(request):#marks message a read if request.method == "POST": if request.POST['formdata'] == 'required': diff --git a/askbot/views/readers.py b/askbot/views/readers.py index 2c637f36..8a4eedf9 100644 --- a/askbot/views/readers.py +++ b/askbot/views/readers.py @@ -598,6 +598,7 @@ def revisions(request, id, object_name=None): } return render_into_skin('revisions.html', data, request) +@csrf.csrf_exempt @ajax_only @anonymous_forbidden @get_only @@ -611,6 +612,7 @@ def get_comment(request): request.user.assert_can_edit_comment(comment) return {'text': comment.comment} +@csrf.csrf_exempt @ajax_only @get_only def get_question_body(request): diff --git a/askbot/views/users.py b/askbot/views/users.py index 935bf4fa..7a62ef56 100644 --- a/askbot/views/users.py +++ b/askbot/views/users.py @@ -1023,6 +1023,7 @@ def user(request, id, slug=None, tab_name=None): } return user_view_func(request, profile_owner, context) +@csrf.csrf_exempt def update_has_custom_avatar(request): """updates current avatar type data for the user """ diff --git a/askbot/views/writers.py b/askbot/views/writers.py index 5f073b37..c1bbc9be 100644 --- a/askbot/views/writers.py +++ b/askbot/views/writers.py @@ -44,6 +44,7 @@ QUESTIONS_PAGE_SIZE = 10 # used in answers ANSWERS_PAGE_SIZE = 10 +@csrf.csrf_exempt def upload(request):#ajax upload file to a question or answer """view that handles file upload via Ajax """ @@ -288,7 +289,7 @@ def ask(request):#view used to ask a new question return render_into_skin('ask.html', data, request) @login_required -#@csrf.csrf_protect remove for ajax +@csrf.csrf_exempt def retag_question(request, id): """retag question view """ 
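Review bot: In readers.py the exemptions on `get_comment` and `get_question_body` appear to do nothing, because both views are stacked with `@get_only` and Django's CSRF middleware does not check GET requests (assuming `get_only` rejects other methods, as its name suggests). I would drop `@csrf.csrf_exempt` from these two so that the set of exempt views stays limited to those that need a security review. Separately, the diffstat shows only the decorator lines changing in readers.py (2) and users.py (1), so `csrf` must already be imported in both modules, presumably as `from django.views.decorators import csrf`; if it is not, they will fail with `NameError` at import, which is worth confirming. The decorated functions continue outside the hunks.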
@@ -575,6 +576,7 @@ def __generate_comments_json(obj, user):#non-view generates json data for the po data = simplejson.dumps(json_comments) return HttpResponse(data, mimetype="application/json") +@csrf.csrf_exempt @decorators.check_spam('comment') def post_comments(request):#generic ajax handler to load comments to an object # only support get post comments by ajax now @@ -615,6 +617,7 @@ def post_comments(request):#generic ajax handler to load comments to an object raise Http404 @decorators.ajax_only +@csrf.csrf_exempt @decorators.check_spam('comment') def edit_comment(request): if request.user.is_authenticated(): @@ -646,6 +649,7 @@ def edit_comment(request): _('Sorry, anonymous users cannot edit comments') ) +@csrf.csrf_exempt def delete_comment(request): """ajax handler to delete comment """ |
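Review bot: In the `edit_comment` hunk `@csrf.csrf_exempt` is placed below `@decorators.ajax_only`, whereas every other hunk except `retag_question` (where it sits under `@login_required`) puts it outermost. `csrf_exempt` only sets a `csrf_exempt` attribute on the function it returns, and the middleware reads that attribute from the outermost callable, so unless `ajax_only` copies function attributes (for example through `functools.wraps`, not visible here) the marker is lost and the view behaves differently from its siblings once `CsrfViewMiddleware` is enabled. If the exemption is kept, order it as in `post_comments` just above: `@csrf.csrf_exempt`, then `@decorators.ajax_only`, then `@decorators.check_spam('comment')`. The function body continues outside the hunk.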