expo/troggle
2
0
Fork 1
mirror of https://expo.survex.com/repositories/troggle/.git synced 2025-12-15 04:37:17 +00:00
Code Issues 18 Projects 3 Activity

Require a login if public and check for CSRF cookies for uploading images

Browse Source
This commit is contained in:
Martin Green
2022-06-26 01:15:00 +01:00
parent 24a016e76a
commit 5fbe0b31c2
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/views/editor_helpers.py
View File

@@ -9,6 +9,9 @@ from pathlib import Path
import django.forms as forms import django.forms as forms
import troggle.settings as settings import troggle.settings as settings
from django.views.decorators.csrf import ensure_csrf_cookie
from .auth import login_required_if_public
from troggle.lib import version_control from troggle.lib import version_control
MAX_IMAGE_WIDTH = 1000 MAX_IMAGE_WIDTH = 1000
@@ -36,6 +39,8 @@ def image_selector(request, path):
return render(request, 'image_selector.html', {'thumbnails': thumbnails}) return render(request, 'image_selector.html', {'thumbnails': thumbnails})
@login_required_if_public
@ensure_csrf_cookie
def new_image_form(request, path): def new_image_form(request, path):
'''Manages a form to upload new images''' '''Manages a form to upload new images'''
directory = path.rsplit('/', 1)[0] directory = path.rsplit('/', 1)[0]