Ensuring remaining data-manipulating controller actions are POSTs

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4045801
skewed
2010-01-21 21:13:35 +00:00
parent fdae78826b
commit 910ca4f916
7 changed files with 73 additions and 34 deletions


@@ -129,7 +129,7 @@ namespace Orchard.Comments.Controllers {
return View(new CommentsCreateViewModel());
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Create(string returnUrl) {
var viewModel = new CommentsCreateViewModel();
try {
@@ -255,6 +255,7 @@ namespace Orchard.Comments.Controllers {
return RedirectToAction("Index");
}
[HttpPost]
public ActionResult Close(int commentedItemId, string returnUrl) {
try {
if (!_authorizer.Authorize(Permissions.CloseComment, T("Couldn't close comments")))
@@ -274,6 +275,7 @@ namespace Orchard.Comments.Controllers {
}
}
[HttpPost]
public ActionResult Enable(int commentedItemId, string returnUrl) {
try {
if (!_authorizer.Authorize(Permissions.EnableComment, T("Couldn't enable comments")))
@@ -313,7 +315,7 @@ namespace Orchard.Comments.Controllers {
}
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Edit(FormCollection input) {
var viewModel = new CommentsEditViewModel();
try {
@@ -330,6 +332,7 @@ namespace Orchard.Comments.Controllers {
}
}
[HttpPost]
public ActionResult Delete(int id, string returnUrl) {
try {
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't delete comment")))
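Review bot: `[HttpPost]` on Close, Enable and Delete (hunks at 255, 274 and 330) restricts the verb but does not validate the anti-forgery token that the views in this commit emit through `Html.BeginFormAntiForgeryPost`; unless Orchard validates it in a global filter, each of these actions should also carry `[ValidateAntiForgeryToken]`, and the same applies to the converted POST actions in the Media, Tags and Users controllers. The `Delete(int id, string returnUrl)` signature at the end of the last hunk takes `returnUrl`, whereas the views in this commit pass `redirectToAction`, so the redirect target appears never to bind — worth confirming. Delete's body continues outside the hunk.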


@@ -2,6 +2,21 @@
<%@ Import Namespace="Orchard.Comments.Models"%>
<%@ Import Namespace="Orchard.Comments.ViewModels"%>
<h1><%=Html.TitleForPage(T("Comments for {0}", Model.DisplayNameForCommentedItem).ToString()) %></h1>
<div class="manage"><%
if (Model.CommentsClosedOnItem) {
using (Html.BeginFormAntiForgeryPost(Url.Action("Enable", new { commentedItemId = Model.CommentedItemId }), FormMethod.Post, new { @class = "inline" })) { %>
<fieldset>
<button type="submit" title="<%=_Encoded("Enable Comments") %>"><%=_Encoded("Enable Comments")%></button>
</fieldset><%
}
} else {
using (Html.BeginFormAntiForgeryPost(Url.Action("Close", new { commentedItemId = Model.CommentedItemId }), FormMethod.Post, new { @class = "inline" })) { %>
<fieldset>
<button type="submit" class="remove" title="<%=_Encoded("Close Comments") %>"><%=_Encoded("Close Comments")%></button>
</fieldset><%
}
} %>
</div>
<% using(Html.BeginFormAntiForgeryPost()) { %>
<%=Html.ValidationSummary() %>
<fieldset class="actions bulk">
@@ -25,13 +40,6 @@
</select>
<input class="button" type="submit" name="submit.Filter" value="<%=_Encoded("Apply") %>"/>
</fieldset>
<div class="manage">
<% if (Model.CommentsClosedOnItem) {
%><%=Html.ActionLink(T("Enable Comments").ToString(), "Enable", new { commentedItemId = Model.CommentedItemId }, new { @class = "button" })%><%
} else {
%><%=Html.ActionLink(T("Close Comments").ToString(), "Close", new { commentedItemId = Model.CommentedItemId }, new { @class = "button remove" })%><%
} %>
</div>
<fieldset>
<table class="items" summary="<%=_Encoded("This is a table of the comments for the content item") %>">
<colgroup>
@@ -77,8 +85,18 @@
</td>
<td><%=commentEntry.Comment.CommentDate.ToLocalTime() %></td>
<td>
<%=Html.ActionLink(T("Edit").ToString(), "Edit", new {commentEntry.Comment.Id}) %> |
<%=Html.ActionLink(T("Delete").ToString(), "Delete", new {id = commentEntry.Comment.Id, redirectToAction = "Details"}) %>
<ul class="actions">
<li class="construct">
<a href="<%=Url.Action("Edit", new {commentEntry.Comment.Id}) %>" class="ibutton edit" title="<%=_Encoded("Edit Comment")%>"><%=_Encoded("Edit Comment")%></a>
</li>
<li class="destruct">
<%-- a form in a form doesn't quite work <% using (Html.BeginFormAntiForgeryPost(Url.Action("Delete", new {id = commentEntry.Comment.Id, redirectToAction = "Details"}), FormMethod.Post, new { @class = "inline" })) { %>
<fieldset>
<button type="submit" class="ibutton remove" title="<%=_Encoded("Remove Comment") %>"><%=_Encoded("Remove Comment") %></button>
</fieldset><%
} %>
--%> </li>
</ul>
</td>
</tr>
<%
@@ -86,11 +104,19 @@
} %>
</table>
</fieldset>
<div class="manage">
<% if (Model.CommentsClosedOnItem) {
%><%=Html.ActionLink(T("Enable Comments").ToString(), "Enable", new { commentedItemId = Model.CommentedItemId }, new { @class = "button" })%><%
} else {
%><%=Html.ActionLink(T("Close Comments").ToString(), "Close", new { commentedItemId = Model.CommentedItemId }, new { @class = "button remove" })%><%
} %>
</div>
<% } %>
<% } %>
<div class="manage"><%
if (Model.CommentsClosedOnItem) {
using (Html.BeginFormAntiForgeryPost(Url.Action("Enable", new { commentedItemId = Model.CommentedItemId }), FormMethod.Post, new { @class = "inline" })) { %>
<fieldset>
<button type="submit" title="<%=_Encoded("Enable Comments") %>"><%=_Encoded("Enable Comments")%></button>
</fieldset><%
}
} else {
using (Html.BeginFormAntiForgeryPost(Url.Action("Close", new { commentedItemId = Model.CommentedItemId }), FormMethod.Post, new { @class = "inline" })) { %>
<fieldset>
<button type="submit" class="remove" title="<%=_Encoded("Close Comments") %>"><%=_Encoded("Close Comments")%></button>
</fieldset><%
}
} %>
</div>
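Review bot: The per-comment Delete link is removed at line 95 (and at 147 in the Index view) but the form meant to replace it is left commented out at lines 101–106, so after this change there is no control in either view that reaches the now POST-only `Delete` action. The comment names the problem — the row form would sit inside the bulk `BeginFormAntiForgeryPost` form opened at line 73 — so the per-row delete has to live outside that form's scope, for example by closing the bulk form before the table or by routing delete through the bulk `submit.*` actions. The commented block also passes `redirectToAction = "Details"` in both views, including the Index view where the removed link used `"Index"`, and the controller's `Delete` takes `returnUrl`, so that value would not bind even once the form is re-enabled. The Enable/Close toggle markup at lines 58–72 and 124–138 is duplicated verbatim and could be a single partial view.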


@@ -70,8 +70,18 @@
<td><%=commentEntry.Comment.CommentDate.ToLocalTime() %></td>
<td><%=Html.ActionLink(commentEntry.CommentedOn, "Details", new { id = commentEntry.Comment.CommentedOn }) %></td>
<td>
<%=Html.ActionLink(T("Edit").ToString(), "Edit", new {commentEntry.Comment.Id}) %> |
<%=Html.ActionLink(T("Delete").ToString(), "Delete", new { id = commentEntry.Comment.Id, redirectToAction = "Index" }) %>
<ul class="actions">
<li class="construct">
<a href="<%=Url.Action("Edit", new {commentEntry.Comment.Id}) %>" class="ibutton edit" title="<%=_Encoded("Edit Comment")%>"><%=_Encoded("Edit Comment")%></a>
</li>
<li class="destruct">
<%-- a form in a form doesn't quite work <% using (Html.BeginFormAntiForgeryPost(Url.Action("Delete", new {id = commentEntry.Comment.Id, redirectToAction = "Details"}), FormMethod.Post, new { @class = "inline" })) { %>
<fieldset>
<button type="submit" class="ibutton remove" title="<%=_Encoded("Remove Comment") %>"><%=_Encoded("Remove Comment") %></button>
</fieldset><%
} %>
--%> </li>
</ul>
</td>
</tr>
<%


@@ -32,7 +32,7 @@ namespace Orchard.Media.Controllers {
return View(model);
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Index(FormCollection input) {
try {
foreach (string key in input.Keys) {
@@ -53,7 +53,7 @@ namespace Orchard.Media.Controllers {
return View(new MediaFolderCreateViewModel { MediaPath = mediaPath });
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Create() {
var viewModel = new MediaFolderCreateViewModel();
try {
@@ -76,7 +76,7 @@ namespace Orchard.Media.Controllers {
return View(model);
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Edit(FormCollection input) {
try {
foreach (string key in input.Keys) {
@@ -108,7 +108,7 @@ namespace Orchard.Media.Controllers {
return View(model);
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult EditProperties() {
var viewModel = new MediaFolderEditPropertiesViewModel();
try {
@@ -140,7 +140,7 @@ namespace Orchard.Media.Controllers {
return View(model);
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Add() {
var viewModel = new MediaItemAddViewModel();
try {
@@ -172,7 +172,7 @@ namespace Orchard.Media.Controllers {
return View(model);
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult EditMedia(FormCollection input) {
var viewModel = new MediaItemEditViewModel();
try {


@@ -116,7 +116,7 @@ namespace Orchard.Tags.Controllers {
}
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Edit(FormCollection input) {
var viewModel = new TagsAdminEditViewModel();
try {


@@ -42,7 +42,7 @@ namespace Orchard.Users.Controllers {
return View("LogOn", new LogOnViewModel { Title = "Log On", ReturnUrl = returnUrl });
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
[SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings",
Justification = "Needs to take same parameter type as Controller.Redirect()")]
public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl) {
@@ -79,7 +79,7 @@ namespace Orchard.Users.Controllers {
return View(new BaseViewModel());
}
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
public ActionResult Register(string userName, string email, string password, string confirmPassword) {
ViewData["PasswordLength"] = MinPasswordLength;
@@ -109,7 +109,7 @@ namespace Orchard.Users.Controllers {
}
[Authorize]
[AcceptVerbs(HttpVerbs.Post)]
[HttpPost]
[SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes",
Justification = "Exceptions result in password not being changed.")]
public ActionResult ChangePassword(string currentPassword, string newPassword, string confirmPassword) {
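Review bot: `LogOn` at line 235 of the first hunk now accepts only POST but still takes `returnUrl` straight from the request; its body is outside the hunk, so it is worth confirming that the redirect after a successful log-on is limited to local URLs rather than any caller-supplied value. The `[SuppressMessage]` justification on the preceding lines says the parameter mirrors `Controller.Redirect()`, which suggests it is passed through as-is. The same check applies to Close, Enable and Delete in the Comments controller, which take a `returnUrl` as well.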


@@ -293,7 +293,7 @@ a:hover, a:active, a:focus {
margin:-.4em 0 .4em;
}
#main form {
margin:.345em 0 1.5em;
margin:.345em 0 1.38em;
}
#main form.inline {
margin:0;
@@ -360,7 +360,7 @@ form.inline fieldset {
fieldset.bulk.actions {
display:inline;
height:auto;
margin:0 1.4em -.7em 0;
margin:0 1.4em 0 0;
padding-top:0;
}
@@ -488,7 +488,7 @@ button.remove:focus::-moz-focus-inner, .remove.button:focus::-moz-focus-inner {
}
.manage {
float:right;
margin:4px 0 6px 4px;
margin:0 0 10px 8px;
overflow:hidden;
}
.actions {