Menu
▾
▴
[Plone-cvs] r19330 - in CMFPlone/branches/plip224-csrf-protection: . skins/plone_form_scripts
|
From: Andreas Z. <svn...@pl...> - 2008-02-15 23:10:46
|
Author: witsch
Date: Fri Feb 15 23:10:51 2008
New Revision: 19330
Added:
CMFPlone/branches/plip224-csrf-protection/skins/plone_form_scripts/validate_authenticated_form.vpy
Modified:
CMFPlone/branches/plip224-csrf-protection/configure.zcml
Log:
added formcontroller validator script and zcml slug (no salt yet)
Modified: CMFPlone/branches/plip224-csrf-protection/configure.zcml
==============================================================================
--- CMFPlone/branches/plip224-csrf-protection/configure.zcml (original)
+++ CMFPlone/branches/plip224-csrf-protection/configure.zcml Fri Feb 15 23:10:51 2008
@@ -15,6 +15,7 @@
<include package="plone.app.linkintegrity" />
<include package="plone.app.openid" />
<include package="plone.app.portlets" />
+ <include package="plone.app.protect" />
<include package="plone.app.redirector" />
<include package="plone.app.viewletmanager" />
<include package="plone.app.vocabularies" />
Added: CMFPlone/branches/plip224-csrf-protection/skins/plone_form_scripts/validate_authenticated_form.vpy
==============================================================================
--- (empty file)
+++ CMFPlone/branches/plip224-csrf-protection/skins/plone_form_scripts/validate_authenticated_form.vpy Fri Feb 15 23:10:51 2008
@@ -0,0 +1,16 @@
+## Controlled Python Script "validate_authenticated_form"
+##bind container=container
+##bind context=context
+##bind namespace=
+##bind script=script
+##bind state=state
+##bind subpath=traverse_subpath
+##parameters=
+##title=Validates a CSRF protection authenticator token
+##
+# from Products.CMFPlone.utils import verifyAuthenticator
+
+authenticator = context.restrictedTraverse('@@authenticator', None)
+if authenticator is not None and not authenticator.verify():
+ raise 'Unauthorized', 'invalid authenticator token'
+return state
|