From: Andreas Z. <svn...@pl...> - 2008-02-15 23:10:46
|
Author: witsch Date: Fri Feb 15 23:10:51 2008 New Revision: 19330 Added: CMFPlone/branches/plip224-csrf-protection/skins/plone_form_scripts/validate_authenticated_form.vpy Modified: CMFPlone/branches/plip224-csrf-protection/configure.zcml Log: added formcontroller validator script and zcml slug (no salt yet) Modified: CMFPlone/branches/plip224-csrf-protection/configure.zcml ============================================================================== --- CMFPlone/branches/plip224-csrf-protection/configure.zcml (original) +++ CMFPlone/branches/plip224-csrf-protection/configure.zcml Fri Feb 15 23:10:51 2008 @@ -15,6 +15,7 @@ <include package="plone.app.linkintegrity" /> <include package="plone.app.openid" /> <include package="plone.app.portlets" /> + <include package="plone.app.protect" /> <include package="plone.app.redirector" /> <include package="plone.app.viewletmanager" /> <include package="plone.app.vocabularies" /> Added: CMFPlone/branches/plip224-csrf-protection/skins/plone_form_scripts/validate_authenticated_form.vpy ============================================================================== --- (empty file) +++ CMFPlone/branches/plip224-csrf-protection/skins/plone_form_scripts/validate_authenticated_form.vpy Fri Feb 15 23:10:51 2008 @@ -0,0 +1,16 @@ +## Controlled Python Script "validate_authenticated_form" +##bind container=container +##bind context=context +##bind namespace= +##bind script=script +##bind state=state +##bind subpath=traverse_subpath +##parameters= +##title=Validates a CSRF protection authenticator token +## +# from Products.CMFPlone.utils import verifyAuthenticator + +authenticator = context.restrictedTraverse('@@authenticator', None) +if authenticator is not None and not authenticator.verify(): + raise 'Unauthorized', 'invalid authenticator token' +return state |
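Review bot: In the configure.zcml hunk, the new `<include package="plone.app.protect" />` is unconditional, which makes plone.app.protect a hard requirement for loading this configuration, while the validator script added in the same commit is written as if the view may be absent (`restrictedTraverse('@@authenticator', None)`). The two should agree. Either treat the package as a required dependency of this branch and drop the None fallback in the script, or guard the include with a `zcml:condition="installed plone.app.protect"` attribute and document what the validator does when the package is not there.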
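Review bot: The token check in validate_authenticated_form.vpy fails open: when `context.restrictedTraverse('@@authenticator', None)` returns None, the condition `authenticator is not None and not authenticator.verify()` is false and the script goes straight to `return state`, so a form wired to this validator is accepted with no token verification at all. Since configure.zcml now always includes plone.app.protect, a missing view is a misconfiguration and should be rejected the same way as a bad token, or at least logged. Two smaller points in the same hunk: `raise 'Unauthorized', 'invalid authenticator token'` uses a string exception, which is deprecated, so raise the Unauthorized exception class instead; and the commented-out `# from Products.CMFPlone.utils import verifyAuthenticator` line is dead code that should be removed or explained. The log message says "no salt yet", so a short comment in the script stating that limitation would keep anyone from relying on the validator before the salt lands.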