]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/middleware/request_utils.py
allow only AJAX requests for post votes, otherwise it makes CSRF possible
[osqa.git] / forum / middleware / request_utils.py
index 46d56b73f9add106b03b896ad8d6e75bec51fa27..e7fd7403a8ed3697e1563000aa1916d655276822 100644 (file)
@@ -1,46 +1,28 @@
-from forum.settings import MAINTAINANCE_MODE, APP_LOGO, APP_TITLE\r
-from django.http import HttpResponseGone\r
-from django.template.loader import render_to_string\r
-\r
-\r
-class RequestUtils(object):\r
-    def __init__(self):\r
-        self.request = None\r
-\r
-    def set_sort_method(self, sort):\r
-        self.request.session['questions_sort_method'] = sort\r
-\r
-    def sort_method(self, default):\r
-        sort = self.request.REQUEST.get('sort', None)\r
-        if sort is None:\r
-            return self.request.session.get('questions_sort_method', default)\r
-        else:\r
-            self.set_sort_method(sort)\r
-            return sort\r
-\r
-    def page_size(self, default):\r
-        pagesize = self.request.REQUEST.get('pagesize', None)\r
-        if pagesize is None:\r
-            return int(self.request.session.get('questions_pagesize', default))\r
-        else:\r
-            self.request.session['questions_pagesize'] = pagesize\r
-            return int(pagesize)\r
-\r
-    def process_request(self, request):\r
-        if MAINTAINANCE_MODE.value is not None and isinstance(MAINTAINANCE_MODE.value.get('allow_ips', None), list):\r
-            ip = request.META['REMOTE_ADDR']\r
-\r
-            if not ip in MAINTAINANCE_MODE.value['allow_ips']:\r
-                return HttpResponseGone(render_to_string('410.html', {\r
-                    'message': MAINTAINANCE_MODE.value.get('message', ''),\r
-                    'app_logo': APP_LOGO,\r
-                    'app_title': APP_TITLE\r
-                }))\r
-\r
-        if request.session.get('redirect_POST_data', None):\r
-            request.POST = request.session.pop('redirect_POST_data')\r
-            request.META['REQUEST_METHOD'] = "POST"\r
-\r
-        self.request = request\r
-        request.utils = self\r
-        return None
\ No newline at end of file
+import forum
+
+from forum.settings import MAINTAINANCE_MODE, APP_LOGO, APP_TITLE
+
+from forum.http_responses import HttpResponseServiceUnavailable
+
+
+
+class RequestUtils(object):
+    def process_request(self, request):
+        if MAINTAINANCE_MODE.value is not None and isinstance(MAINTAINANCE_MODE.value.get('allow_ips', None), list):
+            ip = request.META['REMOTE_ADDR']
+
+            if not ip in MAINTAINANCE_MODE.value['allow_ips']:
+                return HttpResponseServiceUnavailable(MAINTAINANCE_MODE.value.get('message', ''))
+
+        if request.session.get('redirect_POST_data', None):
+            request.POST = request.session.pop('redirect_POST_data')
+            request.META['REQUEST_METHOD'] = "POST"
+
+        self.request = request
+        forum.REQUEST_HOLDER.request = request
+        return None
+
+    def process_response(self, request, response):
+        forum.REQUEST_HOLDER.request = None
+        return response
+