]> asedeno.scripts.mit.edu Git - bluechips.git/blobdiff - bluechips/controllers/transfer.py
projects / bluechips.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
added XSRF protection to all forms and associated tests
[bluechips.git] / bluechips / controllers / transfer.py
diff --git a/bluechips/controllers/transfer.py b/bluechips/controllers/transfer.py
index 50948456fad832da5bd81035aee1ea08a6d15d8c..ed0601845fc58b9db6f8ad67bfd1daf1e10d0702 100644 (file)
--- a/bluechips/controllers/transfer.py
+++ b/bluechips/controllers/transfer.py
@@ -10,6 +10,7 @@ from bluechips.lib.base import *
 
 from pylons import request, app_globals as g
 from pylons.decorators import validate
+from pylons.decorators.secure import authenticate_form
 from pylons.controllers.util import abort
 
 from formencode import Schema, validators
@@ -48,6 +49,7 @@ class TransferController(BaseController):
         return render('/transfer/index.mako')
     
     @redirect_on_get('edit')
+    @authenticate_form
     @validate(schema=TransferSchema(), form='edit')
     def update(self, id=None):
         if id is None:
http://bluechi.ps/