Small Refactoring

Streamline check that non-idempotent actions are submitted via POST.
Jacques Distler 2008-12-14 23:29:40 -06:00
parent 5d7d89d193
commit 3bef45277f


@ -25,11 +25,7 @@ class AdminController < ApplicationController
def create_web def create_web
if params['address'] if params['address']
unless (request.post? || ENV["RAILS_ENV"] == "test") return unless is_post
headers['Allow'] = 'POST'
render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
return
end
# form submitted # form submitted
if @wiki.authenticate(params['system_password']) if @wiki.authenticate(params['system_password'])
begin begin
@ -52,11 +48,7 @@ class AdminController < ApplicationController
def edit_web def edit_web
system_password = params['system_password'] system_password = params['system_password']
if system_password if system_password
unless (request.post? || ENV["RAILS_ENV"] == "test") return unless is_post
headers['Allow'] = 'POST'
render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
return
end
# form submitted # form submitted
if wiki.authenticate(system_password) if wiki.authenticate(system_password)
begin begin
@ -89,11 +81,7 @@ class AdminController < ApplicationController
end end
def remove_orphaned_pages def remove_orphaned_pages
unless (request.post? || ENV["RAILS_ENV"] == "test") return unless is_post
headers['Allow'] = 'POST'
render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
return
end
if wiki.authenticate(params['system_password_orphaned']) if wiki.authenticate(params['system_password_orphaned'])
wiki.remove_orphaned_pages(@web_name) wiki.remove_orphaned_pages(@web_name)
flash[:info] = 'Orphaned pages removed' flash[:info] = 'Orphaned pages removed'
@ -105,11 +93,7 @@ class AdminController < ApplicationController
end end
def remove_orphaned_pages_in_category def remove_orphaned_pages_in_category
unless (request.post? || ENV["RAILS_ENV"] == "test") return unless is_post
headers['Allow'] = 'POST'
render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
return
end
if wiki.authenticate(params['system_password_orphaned_in_category']) if wiki.authenticate(params['system_password_orphaned_in_category'])
category = params['category'] category = params['category']
wiki.remove_orphaned_pages_in_category(@web_name, category) wiki.remove_orphaned_pages_in_category(@web_name, category)
@ -122,11 +106,7 @@ class AdminController < ApplicationController
end end
def delete_web def delete_web
unless (request.post? || ENV["RAILS_ENV"] == "test") return unless is_post
headers['Allow'] = 'POST'
render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
return
end
if wiki.authenticate(params['system_password_delete_web']) if wiki.authenticate(params['system_password_delete_web'])
@web.remove_pages(@web.select_all) @web.remove_pages(@web.select_all)
wiki.delete_web(@web_name) wiki.delete_web(@web_name)
@ -138,4 +118,15 @@ class AdminController < ApplicationController
end end
end end
private
def is_post
unless (request.post? || ENV["RAILS_ENV"] == "test")
headers['Allow'] = 'POST'
render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
return false
end
return true
end
end end
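Review bot: The new `is_post` helper in the last hunk keeps the `ENV["RAILS_ENV"] == "test"` exception, so the single check that now guards all five state-changing admin actions is never exercised by the test suite and would let GET through if a deployment ever ran with that environment value. Consider reducing the condition to `unless request.post?` and having the functional tests submit these actions via POST (presumably they use GET today, which would explain the exception; the tests are not visible here). Because the method renders a 405 response as a side effect rather than only answering a question, a name such as `require_post` and a comment like `# Renders 405 with an Allow: POST header and returns false unless the request is a POST; callers must return immediately.` would make the contract explicit. The enclosing class begins outside the visible hunks, so whether a class-level filter could replace the per-action calls cannot be judged from here.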