Arachnid / bloggart

A blog application for App Engine
http://bloggart-demo.appspot.com/

Add CSRF protection, some bugfixes. #58

Closed cyberphobia closed 11 years ago

cyberphobia commented 11 years ago

Hey,

I started using bloggart as a blog on AppEngine, and implemented a lot of changes, some of which are probably incompatible with your original design goals. One of the things I changed is that I added CSRF protection for the admin portal to my fork, so people can't trick me into submitting rogue blog posts. I figured I could backport the fix, since it's kind of a security bug. See the code changes below.

Along the way I had to change a couple of other things as well to make it work (like switch to Django 1.2, and remove fix_path, as that bug was apparently fixed).

Feel free to pull, or to ignore :)

Daniel

rctay commented 11 years ago

This is great. It would be a better idea to split up the changes into smaller ones, one for each logical change.

Arachnid commented 11 years ago

While I agree it'd be better as separate patches, I'm happy with all these changes. Thanks heaps!

rctay commented 11 years ago

:thumbsup: