Ticket #9583: django_formwizard_hash.patch
| File django_formwizard_hash.patch, 1.7 KB (added by , 15 years ago) |
|---|
-
django/contrib/formtools/wizard.py
59 62 raise Http404('Step %s does not exist' % current_step) 60 63 61 64 # For each previous step, verify the hash and process. 62 # TODO: Move "hash_%d" to a method to make it configurable.63 65 for i in range(current_step): 64 66 form = self.get_form(i, request.POST) 65 if request.POST.get( "hash_%d" % i, '') != self.security_hash(request, form):67 if request.POST.get(self.hash_field_for_step(i), '') != self.security_hash(request, form): 66 68 return self.render_hash_failure(request, i) 67 69 self.process_step(request, form, i) 68 70 … … 106 108 # Collect all data from previous steps and render it as HTML hidden fields. 107 109 for i in range(step): 108 110 old_form = self.get_form(i, old_data) 109 hash_name = 'hash_%s' % i111 hash_name = self.hash_field_for_step(i) 110 112 prev_fields.extend([bf.as_hidden() for bf in old_form]) 111 113 prev_fields.append(hidden.render(hash_name, old_data.get(hash_name, self.security_hash(request, old_form)))) 112 114 return self.render_template(request, form, ''.join(prev_fields), step, context) … … 117 119 "Given the step, returns a Form prefix to use." 118 120 return str(step) 119 121 122 def hash_field_for_step(self, step): 123 "Given the step, returns the name of the hash field to use" 124 return 'hash_%s' % str(step) 125 120 126 def render_hash_failure(self, request, step): 121 127 """ 122 128 Hook for rendering a template if a hash check failed.