-rw-r--r-- | flatpages/views.py | 11 | ||||
-rw-r--r-- | templates/editflatpage.html | 2 | ||||
-rw-r--r-- | templates/expobase.html | 2 |
3 files changed, 11 insertions, 4 deletions
diff --git a/flatpages/views.py b/flatpages/views.py index aa1793d..0764d55 100644 --- a/flatpages/views.py +++ b/flatpages/views.py @@ -6,6 +6,8 @@ from django.shortcuts import render, redirect from django.http import HttpResponse, HttpResponseRedirect, Http404 from django.urls import reverse, resolve from django.template import Context, loader +from django.views.decorators.csrf import ensure_csrf_cookie + import django.forms as forms from troggle.helper import login_required_if_public @@ -147,6 +149,7 @@ def getmimetype(path): return "" @login_required_if_public +@ensure_csrf_cookie def editflatpage(request, path): try: r = Cave.objects.get(url = path) @@ -156,7 +159,7 @@ def editflatpage(request, path): try: - filepath = os.path.normpath(settings.EXPOWEB + path) + filepath = Path(settings.EXPOWEB) / path o = open(filepath, "r") html = o.read() autogeneratedmatch = re.search(r"\<\!--\s*(.*?(Do not edit|auto-generated).*?)\s*--\>", html, re.DOTALL + re.IGNORECASE) @@ -174,12 +177,15 @@ def editflatpage(request, path): else: return HttpResponse("Page could not be split into header and body") except IOError: + print("### File not found ### ", filepath) filefound = False if request.method == 'POST': # If the form has been submitted... flatpageForm = FlatPageForm(request.POST) # A form bound to the POST data if flatpageForm.is_valid():# Form valid therefore write file + print("### \n", str(flatpageForm)[0:300]) + print("### \n csrfmiddlewaretoken: ",request.POST['csrfmiddlewaretoken']) if filefound: headmatch = re.match(r"(.*)<title>.*</title>(.*)", head, re.DOTALL + re.IGNORECASE) if headmatch: 
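Review bot: The new `filepath = Path(settings.EXPOWEB) / path` (hunk `@@ -156,7 +159,7 @@`) joins the URL-supplied `path` to the web root without normalising it or checking that the result stays under the root, and this view then opens that file and, per the "write file" comment, writes it on POST. With pathlib an absolute right-hand operand replaces the left-hand side entirely and `..` segments are kept, so the result can point outside `settings.EXPOWEB`; the URL pattern feeding `path` is not visible here and may already restrict it. I would resolve and check containment before the `open`: `root = Path(settings.EXPOWEB).resolve()`, `filepath = (root / path).resolve()`, `if root not in filepath.parents: raise Http404`. The import hunk adds no `from pathlib import Path`, so confirm it is already imported further up the file. The body of `editflatpage` starts and ends outside this hunk.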
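Review bot: The two prints added under `if flatpageForm.is_valid():` (hunk `@@ -174,12 +177,15 @@`) write the first 300 characters of the rendered form and the submitted `csrfmiddlewaretoken` to stdout, which normally ends up in the server log. That puts the token, and a slice of user-submitted content, where anyone with log access can read them. `request.POST['csrfmiddlewaretoken']` also raises when the key is missing from the form data, for example when a client sends the token in the `X-CSRFToken` header, so a valid request would fail with a server error. I would drop both lines before merging, or replace them with a debug-level log of `path` only. The `print("### File not found ### ", filepath)` in the `except IOError:` branch is better suited to the project's logger than to stdout.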
@@ -209,7 +215,8 @@ def editflatpage(request, path): title = "" flatpageForm = FlatPageForm({"html": body, "title": title}) else: - flatpageForm = FlatPageForm() + body = "### File not found ###\n" + str(filepath) + flatpageForm = FlatPageForm({"html": body, "title": "Missing"}) return render(request, 'editflatpage.html', {'path': path, 'form': flatpageForm, }) class FlatPageForm(forms.Form): diff --git a/templates/editflatpage.html b/templates/editflatpage.html index 0ac5506..606a47c 100644 --- a/templates/editflatpage.html +++ b/templates/editflatpage.html @@ -1,7 +1,7 @@ {% extends "expobase.html" %} {% block title %}Edit {{ path }}{% endblock %} {% block extrahead %} -{% load csrffaker %} + <!--<script src="{{ settings.TINY_MCE_MEDIA_URL }}tiny_mce.js" type="text/javascript"></script>--> <!-- <script type="text/javascript"> tinyMCE.init({ mode : "textareas" }); </script>--> {% endblock %} diff --git a/templates/expobase.html b/templates/expobase.html index 5cadb61..972a3ee 100644 --- a/templates/expobase.html +++ b/templates/expobase.html @@ -1,7 +1,7 @@ {% autoescape off %} <html> <head> -<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>{% block title %}{% endblock %}</title> <link rel="stylesheet" type="text/css" href="/css/main2.css" /> {% block extrahead %}{% endblock %} |
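Review bot: The placeholder added in the `else` branch puts `str(filepath)`, the server-side filesystem path, into the form that is rendered back to the browser. Because it becomes the initial content of the `html` field, it would presumably be saved as page content if the user submits the form unchanged; how the POST branch handles a missing file is outside this hunk. The URL-relative `path` tells the editor which page is missing without disclosing the filesystem layout: `body = "### File not found ###\n" + path`.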