Skip to content

Commit

Permalink
fix: exclude csrfmiddlewaretoken in new ticket form data
Browse files Browse the repository at this point in the history
  • Loading branch information
francesco-filicetti committed Oct 5, 2022
1 parent f982458 commit 06d811e
Showing 1 changed file with 14 additions and 9 deletions.
23 changes: 14 additions & 9 deletions uniticket/uni_ticket/views/user.py
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
from django_form_builder.utils import (
get_as_dict,
get_labeled_errors,
get_POST_as_json,
# get_POST_as_json,
set_as_dict,
)
from organizational_area.models import (
Expand Down Expand Up @@ -562,6 +562,7 @@ def post(self, request, structure_slug, category_slug, api=False):
TICKET_CONDITIONS_FIELD_ID,
TICKET_CAPTCHA_ID,
TICKET_CAPTCHA_HIDDEN_ID,
'csrfmiddlewaretoken'
]
#
# if user generates an encrypted token in URL
Expand All @@ -580,10 +581,10 @@ def post(self, request, structure_slug, category_slug, api=False):
fields_to_pop.append(TICKET_GENERATE_URL_BUTTON_NAME)

# get form data in json
json_data = get_POST_as_json(
request=request, fields_to_pop=fields_to_pop
)
form_data = json.loads(json_data)
form_data = deepcopy(self.form.data)
for i in fields_to_pop:
if i in form_data:
form_data.pop(i)

# insert input module pk to json data
form_data.update({TICKET_INPUT_MODULE_NAME: self.modulo.pk})
Expand Down Expand Up @@ -662,6 +663,7 @@ def post(self, request, structure_slug, category_slug, api=False):
for i in fields_to_pop:
if i in form_data:
form_data.pop(i)

# make a UUID based on the host ID and current time
code = uuid_code()

Expand Down Expand Up @@ -962,10 +964,13 @@ def ticket_edit(request, ticket_id):
"title": title,
}
if request.method == "POST":
fields_to_pop = [TICKET_CONDITIONS_FIELD_ID]
json_post = get_POST_as_json(
request=request, fields_to_pop=fields_to_pop)
json_response = json.loads(json_post)
fields_to_pop = [TICKET_CONDITIONS_FIELD_ID,
'csrfmiddlewaretoken']
# get form data in json
json_response = deepcopy(request.POST)
for i in fields_to_pop:
if i in json_response:
json_response.pop(i)
# Costruisco il form con il json dei dati inviati e tutti gli allegati
# json_response[settings.ATTACHMENTS_DICT_PREFIX]=allegati
# rimuovo solo gli allegati che sono stati già inseriti
Expand Down

0 comments on commit 06d811e

Please sign in to comment.