Changeset - cef93c7ebaa6
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich (mads) - 3 years ago 2023-03-05 11:57:51
mads@kiilerich.com
ruff: Test for membership should be `not in`
1 file changed with 1 insertions and 1 deletions:
kallithea/lib/webutils.py
1
1
0 comments (0 inline, 0 general)
kallithea/lib/webutils.py
Show inline comments
 
@@ -158,49 +158,49 @@ def select(name, selected_values, option
 
                value = label = x
 
            else:
 
                log.error('invalid select option %r', x)
 
                raise
 
            if isinstance(value, list):
 
                og = options.add_optgroup(label)
 
                for x in value:
 
                    if isinstance(x, tuple) and len(x) == 2:
 
                        group_value, group_label = x
 
                    elif isinstance(x, str):
 
                        group_value = group_label = x
 
                    else:
 
                        log.error('invalid select option %r', x)
 
                        raise
 
                    og.add_option(group_label, group_value)
 
            else:
 
                options.add_option(label, value)
 
    return webhelpers2_select(name, selected_values, options, id=id, **attrs)
 

			




	
	
	
		
 

			




	
	
	
		
 
session_csrf_secret_name = "_session_csrf_secret_token"

			




	
	
	
		
 

			




	
	
	
		
 
def session_csrf_secret_token():

			




	
	
	
		
 
    """Return (and create) the current session's CSRF protection token."""

			




	
	
	
		
 
    if not session_csrf_secret_name in session:

			




	
	
	
		
 
    if session_csrf_secret_name not in session:

			




	
	
	
		
 
        session[session_csrf_secret_name] = str(random.getrandbits(128))

			




	
	
	
		
 
        session.save()

			




	
	
	
		
 
    return session[session_csrf_secret_name]

			




	
	
	
		
 

			




	
	
	
		
 
def form(url, method="post", **attrs):

			




	
	
	
		
 
    """Like webhelpers.html.tags.form , but automatically adding

			




	
	
	
		
 
    session_csrf_secret_token for POST. The secret is thus never leaked in GET

			




	
	
	
		
 
    URLs.

			




	
	
	
		
 
    """

			




	
	
	
		
 
    form = insecure_form(url, method, **attrs)

			




	
	
	
		
 
    if method.lower() == 'get':

			




	
	
	
		
 
        return form

			




	
	
	
		
 
    return form + HTML.div(hidden(session_csrf_secret_name, session_csrf_secret_token()), style="display: none;")

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
#

			




	
	
	
		
 
# Flash messages, stored in cookie

			




	
	
	
		
 
#

			




	
	
	
		
 

			




	
	
	
		
 
class _Message(object):

			




	
	
	
		
 
    """A message returned by ``pop_flash_messages()``.

			




	
	
	
		
 

			




	
	
	
		
 
    Converting the message to a string returns the message text. Instances

			




	
	
	
		
 
    also have the following attributes:

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: clio-13986
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.
            – Support