Do not allow cancel submissions with GET requests. See #650

- Legacy-Id: 3061
Emilio A. Sánchez López 2011-04-26 14:28:10 +00:00
parent 153cdc72fe
commit 8239d6bb80
2 changed files with 8 additions and 8 deletions


@ -2,7 +2,7 @@
from django.conf import settings
from django.core.urlresolvers import reverse
from django.contrib.sites.models import Site
from django.http import HttpResponseRedirect, Http404, HttpResponseForbidden
from django.http import HttpResponseRedirect, Http404, HttpResponseForbidden, HttpResponseNotAllowed
from django.shortcuts import get_object_or_404
from django.shortcuts import render_to_response
from django.template import RequestContext
@ -167,6 +167,8 @@ def draft_status(request, submission_id, submission_hash=None, message=None):
def draft_cancel(request, submission_id, submission_hash=None):
if request.method!='POST':
return HttpResponseNotAllowed(['POST'])
detail = get_object_or_404(IdSubmissionDetail, submission_id=submission_id)
can_cancel = _can_cancel(request.user, detail, submission_hash)
if not can_cancel:
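Review bot: The new guard at the top of draft_cancel turns away non-POST requests, but a POST can still be forged cross-site unless Django's CSRF check is enforced for this view, and nothing in the hunk shows that: there is no `@csrf_protect` on the view, and the form this commit adds in the template carries no `{% csrf_token %}`, so whether CsrfViewMiddleware already covers it cannot be told from here. If the middleware is not active project-wide, decorate the view with `@csrf_protect` from `django.views.decorators.csrf` and add `{% csrf_token %}` to the form. The hand-rolled check is also exactly what `@require_POST` from `django.views.decorators.http` does (a 405 listing POST), which would read more clearly; failing that, PEP 8 spacing `if request.method != 'POST':`. The rest of draft_cancel's body lies outside the hunk.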


@ -24,12 +24,8 @@ pre.twopages { margin: 0px; }
{% if can_cancel %}
<script type="text/javascript">
function confirmCancelation(){
{% if is_valid %}if (confirm("Cancel this submission?")){% endif %}
{% if submission_hash %}
document.location = "{% url draft_cancel_by_hash detail.submission_id submission_hash %}";
{% else %}
document.location = "{% url draft_cancel detail.submission_id %}";
{% endif %}
{% if is_valid %}if (!confirm("Cancel this submission?")) return false;{% endif %}
return true;
}
</script>
{% endif %}
@ -198,7 +194,9 @@ returned to the submitter.
{% if can_cancel %}
<h2>Cancel submission</h2>
<p>
<input type="button" onclick="confirmCancelation();" value="Cancel Submission" /><br>
<form method="post" onsubmit="return confirmCancelation();" action="{% url draft_cancel_by_hash detail.submission_id submission_hash %}">
<input type="submit" value="Cancel Submission" /><br>
</form>
This submission will be canceled, and its uploaded document(s) permanently deleted.
</p>
{% endif %}
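Review bot: The new cancel form has no `{% csrf_token %}` between its `<form>` and `<input>` lines, so with Django's CsrfViewMiddleware active the POST is rejected with a 403, and without it the cancel stays forgeable from another site even though GET is now refused; the view already renders with RequestContext, which is what the tag needs, so add `{% csrf_token %}` as the first line inside the form. The form action also always reverses `draft_cancel_by_hash detail.submission_id submission_hash`, whereas the removed script branched on `{% if submission_hash %}` and fell back to `draft_cancel` otherwise; if `submission_hash` can be empty on this page, that reversal presumably fails, so the same `{% if submission_hash %}`/`{% else %}` branching should be restored around the action attribute. Note that confirmCancelation() now only prompts when `is_valid` is set and otherwise returns true, which is fine for an `onsubmit` handler but worth a one-line comment in the script since the old redirect behaviour is gone.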