]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/urls.py
allow only AJAX requests for post votes, otherwise it makes CSRF possible
[osqa.git] / forum / urls.py
index 0168b8efb114309fdad957edd0c805f9f25b9a58..fd82f7f7707e213f933024032d95c6afbfee14eb 100644 (file)
@@ -23,6 +23,12 @@ try:
 except AttributeError:
     admin_url = url(r'^%s(.*)' % _('nimda/'), admin.site.urls)
 
+# Choose the user urls pattern
+if bool(settings.INCLUDE_ID_IN_USER_URLS.value):
+    core_user_urls_prefix = r'^%s(?P<id>\d+)/(?P<slug>.*)'
+else:
+    core_user_urls_prefix = r'^%s(?P<slug>.*)'
+
 core_urls = (
     url(r'^$', app.readers.index, name='index'), admin_url,
                         
@@ -46,7 +52,6 @@ core_urls = (
     url(r'^%s(?P<id>\d+)/$' % _('revisions/'), app.readers.revisions, name='revisions'),
     url(r'^%s$' % _('questions/'), app.readers.questions, name='questions'),
     url(r'^%s%s$' % (_('questions/'), _('ask/')), app.writers.ask, name='ask'),
-    url(r'^canned_comments/(?P<post_id>\d+)/$', app.commands.canned_comments, name='canned_comments'),
     url(r'^%s%s$' % (_('questions/'), _('related_questions/')), app.commands.related_questions, name='related_questions'),
 
     url(r'^%s%s$' % (_('questions/'), _('unanswered/')), app.readers.unanswered, name='unanswered'),
@@ -95,17 +100,17 @@ core_urls = (
     url(r'^%s$' % _('users/'), app.users.users, name='users'),
     # url(r'^%s$' % _('online_users/'), app.users.online_users, name='online_users'),    
     
-    url(r'^%s(?P<id>\d+)/%s$' % (_('users/'), _('edit/')), app.users.edit_user, name='edit_user'),
+    url(r'^%s(?P<id>\d+)/(?P<slug>.*)/%s$' % (_('users/'), _('edit/')), app.users.edit_user, name='edit_user'),
     url(r'^%s(?P<id>\d+)/%s$' % (_('users/'), _('award/')), app.users.award_points, name='user_award_points'),
     url(r'^%s(?P<id>\d+)/%s$' % (_('users/'), _('suspend/')), app.users.suspend, name='user_suspend'),
     url(r'^%s(?P<id>\d+)/%s(?P<action>[a-z]+)/(?P<status>[a-z]+)/$' % (_('users/'), _('powers/')), app.users.user_powers, name='user_powers'),
-    url(r'^%s(?P<id>\d+)/(?P<slug>.*)/%s$' % (_('users/'), _('subscriptions/')), app.users.user_subscriptions, name='user_subscriptions'),
+    url((core_user_urls_prefix + '/%s$') % (_('users/'), _('subscriptions/')), app.users.user_subscriptions, name='user_subscriptions'),
     url(r'^%s(?P<id>\d+)/(?P<slug>.*)/%s$' % (_('users/'), _('preferences/')), app.users.user_preferences, name='user_preferences'),
     url(r'^%s(?P<id>\d+)/(?P<slug>.*)/%s$' % (_('users/'), _('favorites/')), app.users.user_favorites, name='user_favorites'),
     url(r'^%s(?P<id>\d+)/(?P<slug>.*)/%s$' % (_('users/'), _('reputation/')), app.users.user_reputation, name='user_reputation'),
     url(r'^%s(?P<id>\d+)/(?P<slug>.*)/%s$' % (_('users/'), _('votes/')), app.users.user_votes, name='user_votes'),
     url(r'^%s(?P<id>\d+)/(?P<slug>.*)/%s$' % (_('users/'), _('recent/')), app.users.user_recent, name='user_recent'),
-    url(r'^%s(?P<id>\d+)/(?P<slug>.*)$' % _('users/'), app.users.user_profile, name='user_profile'),
+    url(core_user_urls_prefix % _('users/'), app.users.user_profile, name='user_profile'),
     url(r'^%s$' % _('badges/'), app.meta.badges, name='badges'),
     url(r'^%s(?P<id>\d+)/(?P<slug>[\w-]+)?$' % _('badges/'), app.meta.badge, name='badge'),
     # (r'^admin/doc/' % _('admin/doc'), include('django.contrib.admindocs.urls')),