Commit c8c78e0f authored by Daniel STAN's avatar Daniel STAN

On enlève la variable POST des rapports, en prod

parent df317de9
......@@ -14,7 +14,7 @@
{% if form.errors %}
<div id="message">Your username and password didn't match. Please try again.</div>
{% endif %}
<form method="post" action="{% url django.contrib.auth.views.login %}">{% csrf_token %}
<form method="post" action="/login">{% csrf_token %}
{{ form.username.label_tag }}
{{ form.username }}
......
......@@ -3,6 +3,8 @@
from django.conf.urls.defaults import include, patterns, url
import settings
import django.contrib.auth.views
from utils.protectpost import protect
from django.contrib import admin
admin.autodiscover()
......@@ -12,7 +14,7 @@ urlpatterns = patterns('',
url('^$', 'intranet.accueil.view'),
# Pages de login
url('^login', 'django.contrib.auth.views.login', {'template_name': 'login.html'}, name="login"),
url('^login', protect(django.contrib.auth.views.login), {'template_name': 'login.html'}, name="login"),
url('^logout', 'django.contrib.auth.views.logout_then_login', name ="logout"),
(r'^admin/', include(admin.site.urls)),
)
......
#!/usr/bin/env python
# -*- encoding: utf-8 -*-
import functools
def protect(f):
""" Transforme une vue afin d'effacer la variable POST avant rapport
de bug en production.
Cette feature est supportée plus proprement par la dernière version
de django (pas encore dans squeeze) """
@functools.wraps(f)
def wrapper(request,*args,**kwargs):
try:
return f(request,*args,**kwargs)
except Exception as e:
if not settings.DEBUG:
request.POST = "Censuré (mettre settings.DEBUG=True si voulu)"
raise e
return wrapper
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment