wiki: Add modhash checking.

Andre D
2012-10-01 06:40:25 -05:00
committed by Neil Williams
parent f66ce75c90
commit 9e8c66fab8
3 changed files with 24 additions and 11 deletions


@@ -34,7 +34,7 @@ from r2.models.builder import WikiRevisionBuilder, WikiRecentRevisionBuilder
from r2.lib.template_helpers import join_urls
from r2.controllers.validator import VMarkdown, nop
from r2.controllers.validator import VMarkdown, VModhash, nop
from r2.controllers.validator.wiki import (VWikiPage, VWikiPageAndVersion,
VWikiModerator, VWikiPageRevise,
@@ -189,9 +189,10 @@ class WikiController(RedditController):
settings = {'permlevel': page._get('permlevel', 0)}
mayedit = page.get_editors()
return WikiSettings(settings, mayedit, show_settings=not page.special).render()
@wiki_validate(page=VWikiPage('page', restricted=True, modonly=True),\
permlevel=VInt('permlevel'))
@wiki_validate(VModhash(),
page=VWikiPage('page', restricted=True, modonly=True),
permlevel=VInt('permlevel'))
def POST_wiki_settings(self, page, permlevel):
oldpermlevel = page.permlevel
try:
@@ -230,7 +231,8 @@ class WikiController(RedditController):
c.wikidisabled = True
class WikiApiController(WikiController):
@wiki_validate(pageandprevious=VWikiPageRevise(('page', 'previous'), restricted=True),
@wiki_validate(VModhash(),
pageandprevious=VWikiPageRevise(('page', 'previous'), restricted=True),
content=VMarkdown(('content')),
page_name=nop('page'))
def POST_wiki_edit(self, pageandprevious, content, page_name):
@@ -274,8 +276,9 @@ class WikiApiController(WikiController):
except ConflictException as e:
self.handle_error(409, 'EDIT_CONFLICT', newcontent=e.new, newrevision=page.revision, diffcontent=e.htmldiff)
return json.dumps({})
@wiki_validate(VWikiModerator(),
@wiki_validate(VModhash(),
VWikiModerator(),
page=VWikiPage('page'),
act=VOneOf('act', ('del', 'add')),
user=VExistingUname('username'),
@@ -291,7 +294,8 @@ class WikiApiController(WikiController):
self.handle_error(400, 'INVALID_ACTION')
return json.dumps({})
@wiki_validate(VWikiModerator(),
@wiki_validate(VModhash(),
VWikiModerator(),
pv=VWikiPageAndVersion(('page', 'revision')))
def POST_wiki_revision_hide(self, pv):
page, revision = pv
@@ -299,7 +303,8 @@ class WikiApiController(WikiController):
self.handle_error(400, 'INVALID_REVISION')
return json.dumps({'status': revision.toggle_hide()})
@wiki_validate(VWikiModerator(),
@wiki_validate(VModhash(),
VWikiModerator(),
pv=VWikiPageAndVersion(('page', 'revision')))
def POST_wiki_revision_revert(self, pv):
page, revision = pv
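Review bot: Whether these handlers actually reject a request with a missing or wrong modhash depends on `wiki_validate`, which is defined outside this diff. If it only records validator errors instead of aborting, `POST_wiki_settings`, `POST_wiki_edit`, the handler in the `-274,8` hunk (its `def` line is not shown) and the revision hide/revert handlers would still run their bodies. Please confirm that a failed `VModhash()` stops the request before the handler body, and add a test that posts without `uh` to each endpoint. Because the check is opt-in per decorator, a comment above `class WikiApiController` such as `# every state-changing POST_* handler must list VModhash() in wiki_validate` would help keep future handlers covered. The handler bodies continue outside the hunks shown.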


@@ -1,4 +1,10 @@
r.wiki = {
request: function(req) {
if (reddit.logged)
req.data.uh = r.config.modhash
$.ajax(req)
},
baseApiUrl: function() {
return r.wiki.baseUrl(true)
},
@@ -25,7 +31,7 @@ r.wiki = {
url = r.wiki.baseApiUrl() + '/hide',
$this_parent = $this.parents('.revision')
$this_parent.toggleClass('hidden')
$.ajax({
r.wiki.request({
url: url,
type: 'POST',
dataType: 'json',
@@ -51,7 +57,7 @@ r.wiki = {
$('#usereditallowerror').hide()
var $this = $(event.target),
url = r.wiki.baseApiUrl() + '/alloweditor/add'
$.ajax({
r.wiki.request({
url: url,
type: 'POST',
data: {
@@ -71,6 +77,7 @@ r.wiki = {
submitEdit: function(event) {
event.preventDefault()
var $this = $(event.target),
params = {},
url = r.wiki.baseApiUrl() + '/edit',
conflict = $('#wiki_edit_conflict'),
special = $('#wiki_special_error')
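Review bot: `r.wiki.request` assigns `req.data.uh` without checking that the caller passed a `data` object, so a call that omits `data` would throw before `$.ajax` runs and the POST would never be sent. The `/hide` call in the second hunk shows only `url`, `type` and `dataType` in the visible lines, so it may be such a caller. Initialise it first with `req.data = req.data || {}`. The helper also attaches the modhash to whatever `url` it is given, so a comment like `// same-origin wiki API only: adds the CSRF modhash (uh) to the request` would make the intended scope explicit. The object literals at the call sites and the rest of `submitEdit` continue outside the hunks.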


@@ -30,6 +30,7 @@
<div class="fancy-settings">
%if thing.show_settings:
<form id="pagesettings" method="post">
<input type="hidden" name="uh" value="${c.modhash}" />
<%utils:line_field title=" ${_('who can edit this page?')}">
<input type="radio" name="permlevel" id="permlevel0" value="0"
%if thing.permlevel == 0: