From: Sascha Peilicke <saschpe@suse.de> --- src/webui/app/controllers/package_controller.rb | 32 +++++------------------ src/webui/app/controllers/project_controller.rb | 2 + src/webui/app/views/package/meta.html.erb | 2 +- src/webui/app/views/project/meta.html.erb | 2 +- src/webui/app/views/project/prjconf.html.erb | 2 +- 5 files changed, 12 insertions(+), 28 deletions(-) diff --git a/src/webui/app/controllers/package_controller.rb b/src/webui/app/controllers/package_controller.rb index 8fdf08d..b4fd34e 100644 --- a/src/webui/app/controllers/package_controller.rb +++ b/src/webui/app/controllers/package_controller.rb @@ -567,12 +567,7 @@ class PackageController < ApplicationController end def save_file - if request.method != :post - flash[:warn] = "File upload failed because this was no POST request. " + - "This probably happened because you were logged out in between. Please try again." - redirect_to :action => :files, :project => @project, :package => @package and return - end - + valid_http_methods :post file = params[:file] file_url = params[:file_url] filename = params[:filename] @@ -676,15 +671,8 @@ class PackageController < ApplicationController end def remove_file - if request.method != :post - flash[:warn] = "File removal failed because this was no POST request. " + - "This probably happened because you were logged out in between. Please try again." - redirect_to :action => :files, :project => @project, :package => @package and return - end - if not params[:filename] - flash[:note] = "Removing file aborted: no filename given." - redirect_to :action => :files, :project => @project, :package => @package - end + valid_http_methods :post + required_parameters :filename filename = params[:filename] # extra escaping of filename (workaround for rails bug) escaped_filename = URI.escape filename, "+" @@ -811,22 +799,15 @@ class PackageController < ApplicationController end def save_modified_file + valid_http_methods :post required_parameters :project, :package, :filename, :file - if request.method != :post - flash[:warn] = "Saving file failed because this was no POST request. " + - "This probably happened because you were logged out in between. Please try again." - redirect_to :action => :show, :project => params[:project], :package => params[:package] and return - end project = params[:project] package = params[:package] filename = params[:filename] - file = params[:file] - comment = params[:comment] file.gsub!( /\r\n/, "\n" ) begin - frontend.put_file(file, :project => project, :package => package, :filename => filename, :comment => comment) - flash[:note] = "Successfully saved file #{filename}" - Directory.free_cache( :project => project, :package => package ) + frontend.put_file(params[:file], :project => project, :package => package, :filename => filename, :comment => params[:comment]) + Directory.free_cache(:project => project, :package => package) rescue Timeout::Error => e flash[:error] = "Timeout when saving file. Please try again." rescue ActiveXML::Transport::Error => e @@ -1063,6 +1044,7 @@ class PackageController < ApplicationController end def save_meta + valid_http_methods :post begin frontend.put_file(params[:meta], :project => @project, :package => @package, :filename => '_meta') rescue ActiveXML::Transport::Error => e diff --git a/src/webui/app/controllers/project_controller.rb b/src/webui/app/controllers/project_controller.rb index 2d9ad9e..0e9dbcd 100644 --- a/src/webui/app/controllers/project_controller.rb +++ b/src/webui/app/controllers/project_controller.rb @@ -990,6 +990,7 @@ class ProjectController < ApplicationController end def save_meta + valid_http_methods :post begin frontend.put_file(params[:meta], :project => params[:project], :filename => '_meta') rescue ActiveXML::Transport::Error => e @@ -1014,6 +1015,7 @@ class ProjectController < ApplicationController end def save_prjconf + valid_http_methods :post frontend.put_file(params[:config], :project => params[:project], :filename => '_config') flash[:note] = "Project Config successfully saved" redirect_to :action => :prjconf, :project => params[:project] diff --git a/src/webui/app/views/package/meta.html.erb b/src/webui/app/views/package/meta.html.erb index 4a51010..442dd91 100644 --- a/src/webui/app/views/package/meta.html.erb +++ b/src/webui/app/views/package/meta.html.erb @@ -6,7 +6,7 @@ <h3><%= @pagetitle %></h3> <div style="margin-left: 15px; margin-right: 15px;"> <% if @project.can_edit?(session[:login]) %> - <%= render :partial => "shared/editor", :locals => {:text => @meta, :mode => 'xml', :save => {:url => {:controller => 'package', :action => 'save_meta'}, :data => {:project => @project, :package => @package, :meta => '@@@'}}} %> + <%= render :partial => "shared/editor", :locals => {:text => @meta, :mode => 'xml', :save => {:url => {:controller => 'package', :action => 'save_meta'}, :method => 'POST', :data => {:project => @project, :package => @package, :meta => '@@@'}}} %> <% else %> <%= render :partial => "shared/editor", :locals => {:text => @meta, :mode => 'xml', :read_only => true} %> <% end %> diff --git a/src/webui/app/views/project/meta.html.erb b/src/webui/app/views/project/meta.html.erb index 66707df..58f476b 100644 --- a/src/webui/app/views/project/meta.html.erb +++ b/src/webui/app/views/project/meta.html.erb @@ -7,7 +7,7 @@ <h3><%= @pagetitle %></h3> <div style="margin-left: 15px; margin-right: 15px;"> <% if @project.can_edit?(session[:login]) %> - <%= render :partial => "shared/editor", :locals => {:text => @meta, :mode => 'xml', :save => {:url => {:controller => 'project', :action => 'save_meta'}, :data => {:project => @project, :meta => '@@@'}}} %> + <%= render :partial => "shared/editor", :locals => {:text => @meta, :mode => 'xml', :save => {:url => {:controller => 'project', :action => 'save_meta'}, :method => 'POST', :data => {:project => @project, :meta => '@@@'}}} %> <% else %> <%= render :partial => "shared/editor", :locals => {:text => @meta, :mode => 'xml'} %> <% end %> diff --git a/src/webui/app/views/project/prjconf.html.erb b/src/webui/app/views/project/prjconf.html.erb index 2cdb276..4259c90 100644 --- a/src/webui/app/views/project/prjconf.html.erb +++ b/src/webui/app/views/project/prjconf.html.erb @@ -7,7 +7,7 @@ <h3><%= @pagetitle %></h3> <div style="margin-left: 15px; margin-right: 15px;"> <% if @project.can_edit?(session[:login]) %> - <%= render :partial => "shared/editor", :locals => {:text => @config, :mode => 'spec', :save => {:url => {:controller => 'project', :action => 'save_prjconf'}, :data => {:project => @project, :config => '@@@'}}} %> + <%= render :partial => "shared/editor", :locals => {:text => @config, :mode => 'spec', :save => {:url => {:controller => 'project', :action => 'save_prjconf'}, :method => 'POST', :data => {:project => @project, :config => '@@@'}}} %> <% else %> <%= render :partial => "shared/editor", :locals => {:text => @config, :mode => 'spec', :read_only => true} %> <% end %> -- 1.7.7 -- To unsubscribe, e-mail: obs-commits+unsubscribe@opensuse.org To contact the owner, e-mail: obs-commits+owner@opensuse.org