| 1 | --- ../../../django-trunk/django/contrib/formtools/wizard.py 2009-05-08 11:58:20.000000000 -0700
|
|---|
| 2 | +++ wizard.py 2009-06-12 16:00:07.000000000 -0700
|
|---|
| 3 | @@ -4,8 +4,6 @@
|
|---|
| 4 | stored on the server side.
|
|---|
| 5 | """
|
|---|
| 6 |
|
|---|
| 7 | -import cPickle as pickle
|
|---|
| 8 | -
|
|---|
| 9 | from django import forms
|
|---|
| 10 | from django.conf import settings
|
|---|
| 11 | from django.http import Http404
|
|---|
| 12 | @@ -62,8 +60,18 @@
|
|---|
| 13 | # TODO: Move "hash_%d" to a method to make it configurable.
|
|---|
| 14 | for i in range(current_step):
|
|---|
| 15 | form = self.get_form(i, request.POST)
|
|---|
| 16 | - if request.POST.get("hash_%d" % i, '') != self.security_hash(request, form):
|
|---|
| 17 | - return self.render_hash_failure(request, i)
|
|---|
| 18 | + # Handle formsets
|
|---|
| 19 | + if issubclass(form.__class__,forms.formsets.BaseFormSet):
|
|---|
| 20 | + # checkhash for management form
|
|---|
| 21 | + if request.POST.get("hash_%d" % i, '') != self.security_hash(request, form.management_form):
|
|---|
| 22 | + return self.render_hash_failure(request, i)
|
|---|
| 23 | + for f in form.forms:
|
|---|
| 24 | + # check hash in every form
|
|---|
| 25 | + if request.POST.get("hash_%d_%s" % (i,f.prefix)) != self.security_hash(request,f):
|
|---|
| 26 | + return self.render_hash_failure(request,i)
|
|---|
| 27 | + else:
|
|---|
| 28 | + if request.POST.get("hash_%d" % i, '') != self.security_hash(request, form):
|
|---|
| 29 | + return self.render_hash_failure(request, i)
|
|---|
| 30 | self.process_step(request, form, i)
|
|---|
| 31 |
|
|---|
| 32 | # Process the current step. If it's valid, go to the next step or call
|
|---|
| 33 | @@ -107,8 +115,20 @@
|
|---|
| 34 | for i in range(step):
|
|---|
| 35 | old_form = self.get_form(i, old_data)
|
|---|
| 36 | hash_name = 'hash_%s' % i
|
|---|
| 37 | - prev_fields.extend([bf.as_hidden() for bf in old_form])
|
|---|
| 38 | - prev_fields.append(hidden.render(hash_name, old_data.get(hash_name, self.security_hash(request, old_form))))
|
|---|
| 39 | + # handle formsets
|
|---|
| 40 | + if issubclass(old_form.__class__,forms.formsets.BaseFormSet):
|
|---|
| 41 | + # do management form and generate hash
|
|---|
| 42 | + prev_fields.extend([bf.as_hidden() for bf in old_form.management_form])
|
|---|
| 43 | + prev_fields.append(hidden.render(hash_name, old_data.get(hash_name, self.security_hash(request, old_form.management_form))))
|
|---|
| 44 | + for f in old_form.forms:
|
|---|
| 45 | + # do each form and generate a hash for each
|
|---|
| 46 | + hash_name = 'hash_%s_%s' % (i,f.prefix)
|
|---|
| 47 | + prev_fields.extend([bf.as_hidden() for bf in f])
|
|---|
| 48 | + prev_fields.append(hidden.render(hash_name, old_data.get(hash_name, self.security_hash(request, f))))
|
|---|
| 49 | + else:
|
|---|
| 50 | + prev_fields.extend([bf.as_hidden() for bf in old_form])
|
|---|
| 51 | + prev_fields.append(hidden.render(hash_name, old_data.get(hash_name, self.security_hash(request, old_form))))
|
|---|
| 52 | +
|
|---|
| 53 | return self.render_template(request, form, ''.join(prev_fields), step, context)
|
|---|
| 54 |
|
|---|
| 55 | # METHODS SUBCLASSES MIGHT OVERRIDE IF APPROPRIATE ########################
|
|---|