csrf protection unplug
authorymh <ymh.work@gmail.com>
Wed, 17 Nov 2010 10:28:55 +0100
changeset 15 37e051f2264d
parent 14 446e0fd2ae55
child 16 d0f617472760
csrf protection unplug
web/ldt/text/views.py
web/leezam/config.py.tmpl
web/leezam/settings.py
--- a/web/ldt/text/views.py	Wed Nov 17 01:25:52 2010 +0100
+++ b/web/ldt/text/views.py	Wed Nov 17 10:28:55 2010 +0100
@@ -12,12 +12,13 @@
 from django.template.loader import render_to_string
 from django.utils.html import escape
 from django.utils.translation import ugettext as _, ungettext
+from django.views.decorators.csrf import csrf_exempt
 from httplib import CONFLICT
 from ldt.core.models import Owner
+from ldt.text.models import *
 from ldt.text.utils import boolean_convert
 from lxml import etree
 from lxml.html import fromstring, fragment_fromstring
-from ldt.text.models import *
 from string import Template
 from urllib2 import urlparse
 from utils import *
@@ -99,8 +100,10 @@
 ## Creates an annotation from a urlencoded xml content
 ## Returns an xml-structured annotation
 #@login_required
+@csrf_exempt
 def create_annotation(request, content):
-    cont = base64.urlsafe_b64decode(str(request.POST["content"]))
+    #cont = base64.urlsafe_b64decode(str(request.POST["content"]))
+    cont = str(request.POST["content"])
     doc = lxml.etree.fromstring(cont)
     
     id = unicode(doc.xpath("/iri/text-annotation/id/text()")[0])
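Review bot: With `#@login_required` commented out and `@csrf_exempt` added, `create_annotation` hands `request.POST["content"]` from any caller straight to `lxml.etree.fromstring` with the default parser, which in lxml has traditionally expanded entities declared in the document. Pass an explicit parser for this untrusted input, e.g. `doc = lxml.etree.fromstring(cont, lxml.etree.XMLParser(resolve_entities=False))`. Separately, `str(request.POST["content"])` was safe while the field was base64, but assuming this runs on Python 2 (as the `httplib`/`urllib2` imports suggest) it will raise UnicodeEncodeError on non-ASCII annotation text; `cont = request.POST["content"].encode("utf-8")` avoids that. The commented-out base64 line is better deleted than kept, since version control already holds it. The function body continues beyond this hunk.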
@@ -188,6 +191,7 @@
 ## Deletes an annotation (from its id)
 ## Returns an empty xml-structured annotation
 #@login_required
+@csrf_exempt
 def delete_annotation(request, id):
     try:
         annot = Annotation.objects.get(external_id=request.POST["id"])
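Review bot: `delete_annotation` here, and `create_annotation` and `update_annotation` in the neighbouring hunks, end up with no caller check at all: `@login_required` is commented out and `@csrf_exempt` removes the only remaining request-origin check, so the lookup by `request.POST["id"]` runs for any POST. If these are meant as an API for a non-browser client, put an explicit credential check ahead of the lookup (or restore `@login_required`), and add a comment above `@csrf_exempt` recording why the exemption is needed, e.g. `# CSRF-exempt: called by <client>, authenticated by <mechanism>`. `request.POST["id"]` also raises on a missing field, so `request.POST.get("id")` followed by a 400 response would be cleaner. The `try` body continues outside the hunk, so that case may already be handled there.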
@@ -204,6 +208,7 @@
 ## Updates the content of an annotation
 ## Returns the xml-structured updated annotation
 #@login_required
+@csrf_exempt
 def update_annotation(request, content, id):
     try:
         annot = Annotation.objects.get(external_id=request.POST["id"])
--- a/web/leezam/config.py.tmpl	Wed Nov 17 01:25:52 2010 +0100
+++ b/web/leezam/config.py.tmpl	Wed Nov 17 10:28:55 2010 +0100
@@ -2,7 +2,7 @@
 
 SITE_ID = 1
 
-BASE_DIR = os.path.dirname(os.path.abspath(__file__)).lstrip("/")+"/"
+BASE_DIR = os.path.dirname(os.path.abspath(__file__)).rstrip("/")+"/"
 BASE_URL = '/~ymh/leezam/'
 WEB_URL = 'http://localhost/'
 MEDIA_BASE_URL = BASE_URL + 'static/'
--- a/web/leezam/settings.py	Wed Nov 17 01:25:52 2010 +0100
+++ b/web/leezam/settings.py	Wed Nov 17 10:28:55 2010 +0100
@@ -75,7 +75,7 @@
 MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
+#    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
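Review bot: Commenting out `'django.middleware.csrf.CsrfViewMiddleware'` turns CSRF checking off for every view in the project, not just the three annotation endpoints, and it makes the `@csrf_exempt` decorators added in web/ldt/text/views.py redundant. SessionMiddleware and AuthenticationMiddleware stay enabled, so presumably there are session-authenticated forms elsewhere that lose protection with this change. Keep the middleware line active and rely on the per-view `@csrf_exempt` for the endpoints that need it. If it has to be off for a development setup, drive that from the per-deployment config (config.py.tmpl) rather than editing the shared settings.py.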