]> asedeno.scripts.mit.edu Git - bluechips.git/blobdiff - bluechips/controllers/user.py
projects / bluechips.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
added XSRF protection to all forms and associated tests
[bluechips.git] / bluechips / controllers / user.py
diff --git a/bluechips/controllers/user.py b/bluechips/controllers/user.py
index df8253e83811e570ccb7eef23d7da31feb16b339..b432126a15d587acb64f0fcfa4d88e8f4c975e46 100644 (file)
--- a/bluechips/controllers/user.py
+++ b/bluechips/controllers/user.py
@@ -11,6 +11,7 @@ from sqlalchemy import orm
 
 from pylons import request
 from pylons.decorators import validate
+from pylons.decorators.secure import authenticate_form
 
 from formencode import validators, Schema
 
@@ -28,6 +29,7 @@ class UserController(BaseController):
         c.title = 'User Settings'
         return render('/user/index.mako')
 
+    @authenticate_form
     @validate(schema=EmailSchema(), form='index')
     def update(self):
         new_email = self.form_result['new_email']
http://bluechi.ps/