Андрей (andy) wrote in changelog,

[livejournal] r22387: LJSUP-12819 (remove form_auth field and ...

Committer: ailyin
LJSUP-12819 (remove form_auth field and its verification in the signup form)
U   trunk/cgi-bin/LJ/Widget/CreateAccount.pm
U   trunk/cgi-bin/LJ/Widget.pm
Modified: trunk/cgi-bin/LJ/Widget/CreateAccount.pm
===================================================================
--- trunk/cgi-bin/LJ/Widget/CreateAccount.pm	2012-07-04 07:34:19 UTC (rev 22386)
+++ trunk/cgi-bin/LJ/Widget/CreateAccount.pm	2012-07-04 11:25:42 UTC (rev 22387)
@@ -657,4 +657,6 @@
     return %from_post;
 }
 
+sub need_form_auth { 0 }
+
 1;
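Review bot: The override `sub need_form_auth { 0 }` carries no comment saying why the signup widget is exempt from the form-auth token, so a reader cannot tell a deliberate exemption from an accident, and the pattern is easy to copy into other widgets. A comment above it such as `# LJSUP-12819: signup form deliberately skips lj_form_auth; do not copy to widgets that act on a logged-in account` would record the intent. With the token check skipped for this widget's POST, any protection against cross-site or automated submission has to come from the signup handler itself. None is visible in this hunk, so that is worth confirming.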

Modified: trunk/cgi-bin/LJ/Widget.pm
===================================================================
--- trunk/cgi-bin/LJ/Widget.pm	2012-07-04 07:34:19 UTC (rev 22386)
+++ trunk/cgi-bin/LJ/Widget.pm	2012-07-04 11:25:42 UTC (rev 22387)
@@ -30,6 +30,8 @@
 
 sub collapsable { } ## true for collapsable widget
 
+sub need_form_auth { 1 }
+
 sub start_form {
     my $class = shift;
     my %opts = @_;
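Review bot: The new base-class hook `sub need_form_auth { 1 }` has no trailing description, unlike the neighbouring `collapsable`, which carries a `##` comment. Because this method decides whether the form-auth token is emitted and verified, its contract should be stated where subclasses will look for it, for example `sub need_form_auth { 1 } ## true if the widget's form must carry a valid lj_form_auth token`. Defaulting to 1 is the safe choice, and the comment should say that overriding it to 0 disables the token check for that widget.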
@@ -44,8 +46,11 @@
     }
 
     my $ret = "<form method='POST'$eopts>";
-    $ret .= LJ::form_auth();
 
+    if ( $class->need_form_auth ) {
+        $ret .= LJ::form_auth();
+    }
+
     if ($class->authas) {
         my $u = $opts{authas} || $BMLCodeBlock::GET{authas} || $BMLCodeBlock::POST{authas};
         $u = LJ::load_user($u) unless LJ::isu($u);
@@ -287,14 +292,26 @@
     # is this widget disabled?
     return () if $class->is_disabled;
 
-    # require form auth for widget submissions
     my $errorsref = \@BMLCodeBlock::errors;
 
-    unless ( $LJ::WIDGET_NO_AUTH_CHECK || LJ::check_form_auth($post->{lj_form_auth}) ) {
-        push @$errorsref, BML::ml('error.invalidform');
-        return;
+    my $need_form_auth;
+    foreach my $widget_class (@widgets) {
+        my $subclass = $widget_class;
+        unless ( $subclass =~ /^LJ::Widget::/ ) {
+            $subclass = "LJ::Widget::$subclass";
+        }
+
+        $need_form_auth ||= $subclass->need_form_auth;
     }
 
+    if ( $need_form_auth && ! $LJ::WIDGET_NO_AUTH_CHECK ) {
+        # require form auth for widget submissions
+        unless ( LJ::check_form_auth( $post->{'lj_form_auth'} ) ) {
+            push @$errorsref, BML::ml('error.invalidform');
+            return;
+        }
+    }
+
     my $per_widget = $class->post_fields_by_widget(
         post    => $post,
         widgets => \@widgets,
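Review bot: The token check now fails open when the loop over `@widgets` never sets the flag: `my $need_form_auth;` starts undefined, so an empty `@widgets` skips `LJ::check_form_auth` entirely, where the removed code checked unconditionally. Starting from the safe value, `my $need_form_auth = @widgets ? 0 : 1;`, keeps the old behaviour for that case. The loop also calls `$subclass->need_form_auth` on a name built by string concatenation, which dies if that package is not loaded; `$need_form_auth ||= $subclass->can('need_form_auth') ? $subclass->need_form_auth : 1;` would treat an unknown class as requiring the token. How `@widgets` is populated is outside this hunk, as are the start and end of the enclosing sub.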

Tags: ailyin, andy, livejournal, pm