[livejournal] r22387: LJSUP-12819 (remove form_auth field and ...: changelog

[livejournal] r22387: LJSUP-12819 (remove form_auth field and ...

Committer: ailyin

LJSUP-12819 (remove form_auth field and its verification in the signup form)

U   trunk/cgi-bin/LJ/Widget/CreateAccount.pm
U   trunk/cgi-bin/LJ/Widget.pm

Modified: trunk/cgi-bin/LJ/Widget/CreateAccount.pm
===================================================================
--- trunk/cgi-bin/LJ/Widget/CreateAccount.pm	2012-07-04 07:34:19 UTC (rev 22386)
+++ trunk/cgi-bin/LJ/Widget/CreateAccount.pm	2012-07-04 11:25:42 UTC (rev 22387)
@@ -657,4 +657,6 @@
     return %from_post;
 }
 
+sub need_form_auth { 0 }
+
 1;

Modified: trunk/cgi-bin/LJ/Widget.pm
===================================================================
--- trunk/cgi-bin/LJ/Widget.pm	2012-07-04 07:34:19 UTC (rev 22386)
+++ trunk/cgi-bin/LJ/Widget.pm	2012-07-04 11:25:42 UTC (rev 22387)
@@ -30,6 +30,8 @@
 
 sub collapsable { } ## true for collapsable widget
 
+sub need_form_auth { 1 }
+
 sub start_form {
     my $class = shift;
     my %opts = @_;
@@ -44,8 +46,11 @@
     }
 
     my $ret = "<form method='POST'$eopts>";
-    $ret .= LJ::form_auth();
 
+    if ( $class->need_form_auth ) {
+        $ret .= LJ::form_auth();
+    }
+
     if ($class->authas) {
         my $u = $opts{authas} || $BMLCodeBlock::GET{authas} || $BMLCodeBlock::POST{authas};
         $u = LJ::load_user($u) unless LJ::isu($u);
@@ -287,14 +292,26 @@
     # is this widget disabled?
     return () if $class->is_disabled;
 
-    # require form auth for widget submissions
     my $errorsref = \@BMLCodeBlock::errors;
 
-    unless ( $LJ::WIDGET_NO_AUTH_CHECK || LJ::check_form_auth($post->{lj_form_auth}) ) {
-        push @$errorsref, BML::ml('error.invalidform');
-        return;
+    my $need_form_auth;
+    foreach my $widget_class (@widgets) {
+        my $subclass = $widget_class;
+        unless ( $subclass =~ /^LJ::Widget::/ ) {
+            $subclass = "LJ::Widget::$subclass";
+        }
+
+        $need_form_auth ||= $subclass->need_form_auth;
     }
 
+    if ( $need_form_auth && ! $LJ::WIDGET_NO_AUTH_CHECK ) {
+        # require form auth for widget submissions
+        unless ( LJ::check_form_auth( $post->{'lj_form_auth'} ) ) {
+            push @$errorsref, BML::ml('error.invalidform');
+            return;
+        }
+    }
+
     my $per_widget = $class->post_fields_by_widget(
         post    => $post,
         widgets => \@widgets,

Post a new comment
Error

Anonymous comments are disabled in this journal
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

Preview comment

Help
0 comments

Post a new comment
0 comments

Log in

[livejournal] r22387: LJSUP-12819 (remove form_auth field and ...

[livejournal] r23562: LJSUP-14875: [internal] add "use index" ...

[livejournal] r23551: LJSUP-14841: [internal] remove "use inde...

[livejournal] r23547: LJSUP-14818: Disable friendchange notifi...

Error