Skip to content
Browse files

Fixed #897 by only accessing request.POST in the middleware when we'r…

…e pretty sure the POST is for the toolbar (login)
  • Loading branch information...
1 parent a040642 commit 932f7ec97afeb5cdefe41a8b9cdeb5e875d037ab Jonas Obrist committed
Showing with 10 additions and 9 deletions.
  1. +9 −8 cms/cms_toolbar.py
  2. +1 −1 cms/templates/cms/toolbar/items/login.html
View
17 cms/cms_toolbar.py
@@ -219,11 +219,12 @@ def _request_hook_get(self):
def _request_hook_post(self):
# login hook
- login_form = CMSToolbarLoginForm(self.request.POST)
- if login_form.is_valid():
- username = login_form.cleaned_data['cms_username']
- password = login_form.cleaned_data['cms_password']
- user = authenticate(username=username, password=password)
- if user:
- login(self.request, user)
- self.init()
+ if 'cms-toolbar-login' in self.request.GET:
+ login_form = CMSToolbarLoginForm(self.request.POST)
+ if login_form.is_valid():
+ username = login_form.cleaned_data['cms_username']
+ password = login_form.cleaned_data['cms_password']
+ user = authenticate(username=username, password=password)
+ if user:
+ login(self.request, user)
+ self.init()
View
2 cms/templates/cms/toolbar/items/login.html
@@ -1,5 +1,5 @@
{% load i18n %}
-<form action="." method="post" id="cms_toolbar-item_login" class="cms_toolbar-item{% if auth_error %} cms_toolbar_error{% endif %}">
+<form action="?cms-toolbar-login=1" method="post" id="cms_toolbar-item_login" class="cms_toolbar-item{% if auth_error %} cms_toolbar_error{% endif %}">
<fieldset>
{% csrf_token %}
<label for="cms_toolbar-item_login-username">{% trans "Username" %}</label>

0 comments on commit 932f7ec

Please sign in to comment.
Something went wrong with that request. Please try again.