Commitda96fee

committed

Merge pull requestpython#857 from malemburg/master

Disable anonymous postings by returning a 404.

2 parentsca4fdf5 +1fcd1e3 commitda96feeCopy full SHA for da96fee

File tree

+12

-8

lines changed

+12

-8

lines changed

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -193,6 +193,10 @@ def test_job_create(self):`
`193`	`193`	`'email':'hr@company.com'`
`194`	`194`	`}`
`195`	`195`
	`196`	`+# Check that anonymous posting is not allowed. See #852.`
	`197`	`+response=self.client.post(url,post_data)`
	`198`	`+self.assertEqual(response.status_code,404)`
	`199`	`+`
`196`	`200`	`if0:`
`197`	`201`	`# Disabled for now, until we have found a better solution`
`198`	`202`	`# to fight spammers. See #852.`

Lines changed: 8 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -278,14 +278,14 @@ def get_form_kwargs(self):`
`278`	`278`
`279`	`279`	`defform_valid(self,form):`
`280`	`280`	`""" set the creator to the current user """`
`281`		`-# Associate Job to user if they are logged in`
`282`		`-ifself.request.user.is_authenticated():`
`283`		`-form.instance.creator=self.request.user`
`284`		`-else:`
`285`		`-# Temporary measure against spammers. See #852.`
`286`		`-returnsuper().form_invalid(form)`
`287`		`-returnsuper().form_valid(form)`
`288`		`-`
	`281`	`+`
	`282`	`+# Don't allow anonymous postings; see #852.`
	`283`	`+ifnotself.request.user.is_authenticated():`
	`284`	`+raiseHttp404`
	`285`	`+`
	`286`	`+# Associate Job to user`
	`287`	`+form.instance.creator=self.request.user`
	`288`	`+returnsuper().form_valid(form)`
`289`	`289`
`290`	`290`
`291`	`291`	`classJobEdit(JobMixin,UpdateView):`

Comments

(0)