diff --git a/cms/admin/views.py b/cms/admin/views.py
index 5eddaa2af97..82760124e2c 100644
--- a/cms/admin/views.py
+++ b/cms/admin/views.py
@@ -1,5 +1,5 @@
 from django.shortcuts import get_object_or_404, render_to_response
-from django.http import HttpResponse, Http404
+from django.http import HttpResponse, Http404, HttpResponseForbidden, HttpResponseBadRequest
 from django.contrib.admin.views.decorators import staff_member_required
 from django.utils.translation import ugettext_lazy as _
 from django.template.context import RequestContext
@@ -68,7 +68,11 @@ def add_plugin(request):
 position = None
 if not page.has_change_permission(request):
- raise Http404
+ return HttpResponseForbidden(_("You do not have permission to change this page"))
+
+ # Sanity check to make sure we're not getting bogus values from JavaScript:
+ if not language or not language in [ l[0] for l in settings.LANGUAGES ]:
+ return HttpResponseBadRequest(_("Language must be set to a supported language!"))
 plugin = CMSPlugin(page=page, language=language, plugin_type=plugin_type, position=position, placeholder=placeholder)
diff --git a/cms/media/cms/js/plugin_editor.js b/cms/media/cms/js/plugin_editor.js
index 101d89b47b9..7f43bdd297b 100644
--- a/cms/media/cms/js/plugin_editor.js
+++ b/cms/media/cms/js/plugin_editor.js
@@ -5,7 +5,17 @@ $(document).ready(function() {
 var placeholder = $(this).parent().parent().parent().children("label").attr("for").split("id_")[1];
 var splits = window.location.href.split("/");
 var page_id = splits[splits.length-2];
+ var language = $('input.language_button.selected').attr('name');
+
+ if (!language) {
+ language = $('input[name=language]').attr("value");
+ }
+
+ if (!language) {
+ alert("Unable to determine the correct language for this plugin! Please report the bug!");
+ }
+ var target_div = $(this).parent().parent().parent().children('div.plugin-editor');
 if (pluginvalue) {
 var pluginname = select.children('[selected]').text();
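Review bot: The new allow-list check in add_plugin covers only `language`, while `plugin_type`, `placeholder` and `position` reach the same `CMSPlugin(...)` call; if those also come from the request they deserve the same server-side validation, though how they are read lies above the hunk. The condition itself can be written `if language not in dict(settings.LANGUAGES):`, which also rejects `None` and the empty string. `settings` is not among the imports shown in the first hunk, so confirm `from django.conf import settings` exists further down the import block. Returning 403 instead of 404 also tells a caller without change permission that the page exists, which is presumably acceptable for a staff-only view. The body of add_plugin starts and ends outside the hunk.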
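Review bot: The second `if (!language)` block only alerts and then falls through, so the handler goes on to `target_div` and the `if (pluginvalue)` branch with `language` still undefined. Adding `return;` after the `alert(...)` stops the request from being sent at all; the new server-side check in add_plugin would presumably answer it with a 400 anyway, but the user then sees two failures for one cause. The click handler starts and ends outside the hunk, so what the `if (pluginvalue)` branch sends is not visible here.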