mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-26 11:31:08 +00:00
Replace hidden field with HTTP Referrer value
This commit is contained in:
parent
78c214a6d4
commit
f266c71da9
12 changed files with 5 additions and 17 deletions
|
@ -14,7 +14,6 @@ Finish "<em>{{ book_title }}</em>"
|
||||||
<input type="hidden" name="id" value="{{ readthrough.id }}">
|
<input type="hidden" name="id" value="{{ readthrough.id }}">
|
||||||
<input type="hidden" name="reading_status" value="read">
|
<input type="hidden" name="reading_status" value="read">
|
||||||
<input type="hidden" name="shelf" value="{{ move_from }}">
|
<input type="hidden" name="shelf" value="{{ move_from }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block reading-dates %}
|
{% block reading-dates %}
|
||||||
|
|
|
@ -11,7 +11,6 @@
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="id" value="{{ readthrough.id }}">
|
<input type="hidden" name="id" value="{{ readthrough.id }}">
|
||||||
<input type="hidden" name="start_date" value="{{ readthrough.start_date|date:'Y-m-d' }}">
|
<input type="hidden" name="start_date" value="{{ readthrough.start_date|date:'Y-m-d' }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block reading-dates %}
|
{% block reading-dates %}
|
||||||
|
|
|
@ -13,7 +13,6 @@ Start "<em>{{ book_title }}</em>"
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="reading_status" value="reading">
|
<input type="hidden" name="reading_status" value="reading">
|
||||||
<input type="hidden" name="shelf" value="{{ move_from }}">
|
<input type="hidden" name="shelf" value="{{ move_from }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block reading-dates %}
|
{% block reading-dates %}
|
||||||
|
|
|
@ -14,7 +14,6 @@ Stop Reading "<em>{{ book_title }}</em>"
|
||||||
<input type="hidden" name="id" value="{{ readthrough.id }}">
|
<input type="hidden" name="id" value="{{ readthrough.id }}">
|
||||||
<input type="hidden" name="reading_status" value="stopped-reading">
|
<input type="hidden" name="reading_status" value="stopped-reading">
|
||||||
<input type="hidden" name="shelf" value="{{ move_from }}">
|
<input type="hidden" name="shelf" value="{{ move_from }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block reading-dates %}
|
{% block reading-dates %}
|
||||||
|
|
|
@ -13,7 +13,6 @@ Want to Read "<em>{{ book_title }}</em>"
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="reading_status" value="to-read">
|
<input type="hidden" name="reading_status" value="to-read">
|
||||||
<input type="hidden" name="shelf" value="{{ move_from }}">
|
<input type="hidden" name="shelf" value="{{ move_from }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block form %}
|
{% block form %}
|
||||||
|
|
|
@ -22,7 +22,6 @@
|
||||||
<input type="hidden" name="book" value="{{ book.id }}">
|
<input type="hidden" name="book" value="{{ book.id }}">
|
||||||
<input type="hidden" name="change-shelf-from" value="{{ current.identifier }}">
|
<input type="hidden" name="change-shelf-from" value="{{ current.identifier }}">
|
||||||
<input type="hidden" name="shelf" value="{{ shelf.identifier }}">
|
<input type="hidden" name="shelf" value="{{ shelf.identifier }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
<button class="button is-fullwidth is-small shelf-option is-radiusless has-background-body" type="submit" {% if shelf.identifier == current.identifier %}disabled{% endif %}>
|
<button class="button is-fullwidth is-small shelf-option is-radiusless has-background-body" type="submit" {% if shelf.identifier == current.identifier %}disabled{% endif %}>
|
||||||
<span>
|
<span>
|
||||||
{% include "snippets/translated_shelf_name.html" with shelf=shelf %}
|
{% include "snippets/translated_shelf_name.html" with shelf=shelf %}
|
||||||
|
@ -78,7 +77,6 @@
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="book" value="{{ book.id }}">
|
<input type="hidden" name="book" value="{{ book.id }}">
|
||||||
<input type="hidden" name="shelf" value="{{ user_shelf.id }}">
|
<input type="hidden" name="shelf" value="{{ user_shelf.id }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
<button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">
|
<button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">
|
||||||
{% blocktrans with name=user_shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
|
{% blocktrans with name=user_shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
|
||||||
</button>
|
</button>
|
||||||
|
@ -93,7 +91,6 @@
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="book" value="{{ book.id }}">
|
<input type="hidden" name="book" value="{{ book.id }}">
|
||||||
<input type="hidden" name="shelf" value="{{ shelf.id }}">
|
<input type="hidden" name="shelf" value="{{ shelf.id }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
<button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button>
|
<button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button>
|
||||||
</form>
|
</form>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{% load utilities %}
|
{% load utilities %}
|
||||||
<form name="fallback_form_{{ 0|uuid }}" method="GET" action="{{ fallback_url }}" autocomplete="off">
|
<form name="fallback_form_{{ 0|uuid }}" method="GET" action="{{ fallback_url }}" autocomplete="off">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
<button
|
<button
|
||||||
type="submit"
|
type="submit"
|
||||||
class="button {{ class }}"
|
class="button {{ class }}"
|
||||||
|
|
|
@ -45,7 +45,6 @@
|
||||||
<form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post" autocomplete="off">
|
<form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post" autocomplete="off">
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="book" value="{{ active_shelf.book.id }}">
|
<input type="hidden" name="book" value="{{ active_shelf.book.id }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
<button class="button {{ class }}" name="shelf" type="submit" value="{{ shelf.identifier }}" {% if book|is_book_on_shelf:shelf %} disabled {% endif %}>
|
<button class="button {{ class }}" name="shelf" type="submit" value="{{ shelf.identifier }}" {% if book|is_book_on_shelf:shelf %} disabled {% endif %}>
|
||||||
<span>{{ shelf.name }}</span>
|
<span>{{ shelf.name }}</span>
|
||||||
</button>
|
</button>
|
||||||
|
@ -70,7 +69,6 @@
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="book" value="{{ active_shelf.book.id }}">
|
<input type="hidden" name="book" value="{{ active_shelf.book.id }}">
|
||||||
<input type="hidden" name="shelf" value="{{ active_shelf.shelf.id }}">
|
<input type="hidden" name="shelf" value="{{ active_shelf.shelf.id }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
<button class="button is-fullwidth is-small{% if dropdown %} is-radiusless{% endif %} is-danger is-light" type="submit">
|
<button class="button is-fullwidth is-small{% if dropdown %} is-radiusless{% endif %} is-danger is-light" type="submit">
|
||||||
{% blocktrans with name=active_shelf.shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
|
{% blocktrans with name=active_shelf.shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
|
||||||
</button>
|
</button>
|
||||||
|
|
|
@ -62,7 +62,6 @@
|
||||||
<form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post">
|
<form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post">
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<input type="hidden" name="book" value="{{ active_shelf.book.id }}">
|
<input type="hidden" name="book" value="{{ active_shelf.book.id }}">
|
||||||
<input type="hidden" name="next" value="{{ request.path }}">
|
|
||||||
<button
|
<button
|
||||||
class="button {{ class }}"
|
class="button {{ class }}"
|
||||||
name="shelf"
|
name="shelf"
|
||||||
|
|
|
@ -43,7 +43,7 @@ class ReadingStatus(View):
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
def post(self, request, status, book_id):
|
def post(self, request, status, book_id):
|
||||||
"""Change the state of a book by shelving it and adding reading dates"""
|
"""Change the state of a book by shelving it and adding reading dates"""
|
||||||
next_step = request.POST.get("next", "/")
|
next_step = request.META.get('HTTP_REFERER')
|
||||||
next_step = validate_url_domain(next_step, "/")
|
next_step = validate_url_domain(next_step, "/")
|
||||||
identifier = {
|
identifier = {
|
||||||
"want": models.Shelf.TO_READ,
|
"want": models.Shelf.TO_READ,
|
||||||
|
|
|
@ -36,7 +36,7 @@ def delete_shelf(request, shelf_id):
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
def shelve(request):
|
def shelve(request):
|
||||||
"""put a book on a user's shelf"""
|
"""put a book on a user's shelf"""
|
||||||
next_step = request.POST.get("next", "/")
|
next_step = request.META.get('HTTP_REFERER')
|
||||||
next_step = validate_url_domain(next_step, "/")
|
next_step = validate_url_domain(next_step, "/")
|
||||||
book = get_object_or_404(models.Edition, id=request.POST.get("book"))
|
book = get_object_or_404(models.Edition, id=request.POST.get("book"))
|
||||||
desired_shelf = get_object_or_404(
|
desired_shelf = get_object_or_404(
|
||||||
|
@ -98,7 +98,7 @@ def shelve(request):
|
||||||
@require_POST
|
@require_POST
|
||||||
def unshelve(request, book_id=False):
|
def unshelve(request, book_id=False):
|
||||||
"""remove a book from a user's shelf"""
|
"""remove a book from a user's shelf"""
|
||||||
next_step = request.POST.get("next", "/")
|
next_step = request.META.get('HTTP_REFERER')
|
||||||
next_step = validate_url_domain(next_step, "/")
|
next_step = validate_url_domain(next_step, "/")
|
||||||
identity = book_id if book_id else request.POST.get("book")
|
identity = book_id if book_id else request.POST.get("book")
|
||||||
book = get_object_or_404(models.Edition, id=identity)
|
book = get_object_or_404(models.Edition, id=identity)
|
||||||
|
|
|
@ -59,7 +59,7 @@ class CreateStatus(View):
|
||||||
# pylint: disable=too-many-branches
|
# pylint: disable=too-many-branches
|
||||||
def post(self, request, status_type, existing_status_id=None):
|
def post(self, request, status_type, existing_status_id=None):
|
||||||
"""create status of whatever type"""
|
"""create status of whatever type"""
|
||||||
next_step = request.POST.get("next", "/")
|
next_step = request.META.get('HTTP_REFERER')
|
||||||
next_step = validate_url_domain(next_step, "/")
|
next_step = validate_url_domain(next_step, "/")
|
||||||
created = not existing_status_id
|
created = not existing_status_id
|
||||||
existing_status = None
|
existing_status = None
|
||||||
|
@ -170,7 +170,7 @@ def update_progress(request, book_id): # pylint: disable=unused-argument
|
||||||
def edit_readthrough(request):
|
def edit_readthrough(request):
|
||||||
"""can't use the form because the dates are too finnicky"""
|
"""can't use the form because the dates are too finnicky"""
|
||||||
# TODO: remove this, it duplicates the code in the ReadThrough view
|
# TODO: remove this, it duplicates the code in the ReadThrough view
|
||||||
next_step = request.POST.get("next", "/")
|
next_step = request.META.get('HTTP_REFERER')
|
||||||
next_step = validate_url_domain(next_step, "/")
|
next_step = validate_url_domain(next_step, "/")
|
||||||
readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id"))
|
readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id"))
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue