WEB-4143 : Fix a CSRF bug in section files (#56)

IMIO · Sep 13, 2024 · 47392fd · 47392fd
1 parent 69e1d41
commit 47392fd
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -5,6 +5,9 @@ Changelog
 1.2.70 (unreleased)
 -------------------
 
+- WEB-4143 : Fix a CSRF bug in section files
+  [boulch]
+
 - WEB-4144 : Set requests timeout to 12 when we populate RemoteContacts vocabulary
   [remdub]
 

diff --git a/src/imio/smartweb/core/contents/sections/files/view.py b/src/imio/smartweb/core/contents/sections/files/view.py
@@ -4,13 +4,16 @@
 from imio.smartweb.core.utils import batch_results
 from imio.smartweb.core.utils import get_scale_url
 from plone import api
+from plone.protect.interfaces import IDisableCSRFProtection
 from zope.component import queryMultiAdapter
+from zope.interface import alsoProvides
 
 
 class FilesView(CarouselOrTableSectionView):
     """Files Section view"""
 
     def items(self):
+        alsoProvides(self.request, IDisableCSRFProtection)
         orientation = self.context.orientation
         image_scale = self.image_scale
         items = super(FilesView, self).items()