disable csrf protection for upgrade (may not have right keyring yet)

plone · Mar 17, 2014 · 18024e4 · 18024e4 · mister-roboto · Mar 17, 2014
1 parent 63a6010
commit 18024e4
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/Products/CMFPlone/browser/admin.py b/Products/CMFPlone/browser/admin.py
@@ -255,6 +255,9 @@ def __call__(self):
         form = self.request.form
         submitted = form.get('form.submitted', False)
         if submitted:
+            # CSRF protect. DO NOT use auto CSRF protection for upgrading a site
+            alsoProvides(self.request, IDisableCSRFProtection)
+
             pm = getattr(self.context, 'portal_migration')
             report = pm.upgrade(
                 REQUEST=self.request,