Replace hidden field with HTTP Referrer value

This commit is contained in:
Joachim 2023-01-01 19:42:03 +01:00
parent 78c214a6d4
commit f266c71da9
12 changed files with 5 additions and 17 deletions

View file

@ -14,7 +14,6 @@ Finish "<em>{{ book_title }}</em>"
<input type="hidden" name="id" value="{{ readthrough.id }}"> <input type="hidden" name="id" value="{{ readthrough.id }}">
<input type="hidden" name="reading_status" value="read"> <input type="hidden" name="reading_status" value="read">
<input type="hidden" name="shelf" value="{{ move_from }}"> <input type="hidden" name="shelf" value="{{ move_from }}">
<input type="hidden" name="next" value="{{ request.path }}">
{% endblock %} {% endblock %}
{% block reading-dates %} {% block reading-dates %}

View file

@ -11,7 +11,6 @@
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="id" value="{{ readthrough.id }}"> <input type="hidden" name="id" value="{{ readthrough.id }}">
<input type="hidden" name="start_date" value="{{ readthrough.start_date|date:'Y-m-d' }}"> <input type="hidden" name="start_date" value="{{ readthrough.start_date|date:'Y-m-d' }}">
<input type="hidden" name="next" value="{{ request.path }}">
{% endblock %} {% endblock %}
{% block reading-dates %} {% block reading-dates %}

View file

@ -13,7 +13,6 @@ Start "<em>{{ book_title }}</em>"
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="reading_status" value="reading"> <input type="hidden" name="reading_status" value="reading">
<input type="hidden" name="shelf" value="{{ move_from }}"> <input type="hidden" name="shelf" value="{{ move_from }}">
<input type="hidden" name="next" value="{{ request.path }}">
{% endblock %} {% endblock %}
{% block reading-dates %} {% block reading-dates %}

View file

@ -14,7 +14,6 @@ Stop Reading "<em>{{ book_title }}</em>"
<input type="hidden" name="id" value="{{ readthrough.id }}"> <input type="hidden" name="id" value="{{ readthrough.id }}">
<input type="hidden" name="reading_status" value="stopped-reading"> <input type="hidden" name="reading_status" value="stopped-reading">
<input type="hidden" name="shelf" value="{{ move_from }}"> <input type="hidden" name="shelf" value="{{ move_from }}">
<input type="hidden" name="next" value="{{ request.path }}">
{% endblock %} {% endblock %}
{% block reading-dates %} {% block reading-dates %}

View file

@ -13,7 +13,6 @@ Want to Read "<em>{{ book_title }}</em>"
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="reading_status" value="to-read"> <input type="hidden" name="reading_status" value="to-read">
<input type="hidden" name="shelf" value="{{ move_from }}"> <input type="hidden" name="shelf" value="{{ move_from }}">
<input type="hidden" name="next" value="{{ request.path }}">
{% endblock %} {% endblock %}
{% block form %} {% block form %}

View file

@ -22,7 +22,6 @@
<input type="hidden" name="book" value="{{ book.id }}"> <input type="hidden" name="book" value="{{ book.id }}">
<input type="hidden" name="change-shelf-from" value="{{ current.identifier }}"> <input type="hidden" name="change-shelf-from" value="{{ current.identifier }}">
<input type="hidden" name="shelf" value="{{ shelf.identifier }}"> <input type="hidden" name="shelf" value="{{ shelf.identifier }}">
<input type="hidden" name="next" value="{{ request.path }}">
<button class="button is-fullwidth is-small shelf-option is-radiusless has-background-body" type="submit" {% if shelf.identifier == current.identifier %}disabled{% endif %}> <button class="button is-fullwidth is-small shelf-option is-radiusless has-background-body" type="submit" {% if shelf.identifier == current.identifier %}disabled{% endif %}>
<span> <span>
{% include "snippets/translated_shelf_name.html" with shelf=shelf %} {% include "snippets/translated_shelf_name.html" with shelf=shelf %}
@ -78,7 +77,6 @@
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="book" value="{{ book.id }}"> <input type="hidden" name="book" value="{{ book.id }}">
<input type="hidden" name="shelf" value="{{ user_shelf.id }}"> <input type="hidden" name="shelf" value="{{ user_shelf.id }}">
<input type="hidden" name="next" value="{{ request.path }}">
<button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit"> <button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">
{% blocktrans with name=user_shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %} {% blocktrans with name=user_shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
</button> </button>
@ -93,7 +91,6 @@
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="book" value="{{ book.id }}"> <input type="hidden" name="book" value="{{ book.id }}">
<input type="hidden" name="shelf" value="{{ shelf.id }}"> <input type="hidden" name="shelf" value="{{ shelf.id }}">
<input type="hidden" name="next" value="{{ request.path }}">
<button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button> <button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button>
</form> </form>
</li> </li>

View file

@ -1,6 +1,5 @@
{% load utilities %} {% load utilities %}
<form name="fallback_form_{{ 0|uuid }}" method="GET" action="{{ fallback_url }}" autocomplete="off"> <form name="fallback_form_{{ 0|uuid }}" method="GET" action="{{ fallback_url }}" autocomplete="off">
<input type="hidden" name="next" value="{{ request.path }}">
<button <button
type="submit" type="submit"
class="button {{ class }}" class="button {{ class }}"

View file

@ -45,7 +45,6 @@
<form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post" autocomplete="off"> <form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post" autocomplete="off">
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="book" value="{{ active_shelf.book.id }}"> <input type="hidden" name="book" value="{{ active_shelf.book.id }}">
<input type="hidden" name="next" value="{{ request.path }}">
<button class="button {{ class }}" name="shelf" type="submit" value="{{ shelf.identifier }}" {% if book|is_book_on_shelf:shelf %} disabled {% endif %}> <button class="button {{ class }}" name="shelf" type="submit" value="{{ shelf.identifier }}" {% if book|is_book_on_shelf:shelf %} disabled {% endif %}>
<span>{{ shelf.name }}</span> <span>{{ shelf.name }}</span>
</button> </button>
@ -70,7 +69,6 @@
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="book" value="{{ active_shelf.book.id }}"> <input type="hidden" name="book" value="{{ active_shelf.book.id }}">
<input type="hidden" name="shelf" value="{{ active_shelf.shelf.id }}"> <input type="hidden" name="shelf" value="{{ active_shelf.shelf.id }}">
<input type="hidden" name="next" value="{{ request.path }}">
<button class="button is-fullwidth is-small{% if dropdown %} is-radiusless{% endif %} is-danger is-light" type="submit"> <button class="button is-fullwidth is-small{% if dropdown %} is-radiusless{% endif %} is-danger is-light" type="submit">
{% blocktrans with name=active_shelf.shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %} {% blocktrans with name=active_shelf.shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
</button> </button>

View file

@ -62,7 +62,6 @@
<form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post"> <form name="shelve-{{ uuid }}-{{ shelf.identifier }}" action="/shelve/" method="post">
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="book" value="{{ active_shelf.book.id }}"> <input type="hidden" name="book" value="{{ active_shelf.book.id }}">
<input type="hidden" name="next" value="{{ request.path }}">
<button <button
class="button {{ class }}" class="button {{ class }}"
name="shelf" name="shelf"

View file

@ -43,7 +43,7 @@ class ReadingStatus(View):
@transaction.atomic @transaction.atomic
def post(self, request, status, book_id): def post(self, request, status, book_id):
"""Change the state of a book by shelving it and adding reading dates""" """Change the state of a book by shelving it and adding reading dates"""
next_step = request.POST.get("next", "/") next_step = request.META.get('HTTP_REFERER')
next_step = validate_url_domain(next_step, "/") next_step = validate_url_domain(next_step, "/")
identifier = { identifier = {
"want": models.Shelf.TO_READ, "want": models.Shelf.TO_READ,

View file

@ -36,7 +36,7 @@ def delete_shelf(request, shelf_id):
@transaction.atomic @transaction.atomic
def shelve(request): def shelve(request):
"""put a book on a user's shelf""" """put a book on a user's shelf"""
next_step = request.POST.get("next", "/") next_step = request.META.get('HTTP_REFERER')
next_step = validate_url_domain(next_step, "/") next_step = validate_url_domain(next_step, "/")
book = get_object_or_404(models.Edition, id=request.POST.get("book")) book = get_object_or_404(models.Edition, id=request.POST.get("book"))
desired_shelf = get_object_or_404( desired_shelf = get_object_or_404(
@ -98,7 +98,7 @@ def shelve(request):
@require_POST @require_POST
def unshelve(request, book_id=False): def unshelve(request, book_id=False):
"""remove a book from a user's shelf""" """remove a book from a user's shelf"""
next_step = request.POST.get("next", "/") next_step = request.META.get('HTTP_REFERER')
next_step = validate_url_domain(next_step, "/") next_step = validate_url_domain(next_step, "/")
identity = book_id if book_id else request.POST.get("book") identity = book_id if book_id else request.POST.get("book")
book = get_object_or_404(models.Edition, id=identity) book = get_object_or_404(models.Edition, id=identity)

View file

@ -59,7 +59,7 @@ class CreateStatus(View):
# pylint: disable=too-many-branches # pylint: disable=too-many-branches
def post(self, request, status_type, existing_status_id=None): def post(self, request, status_type, existing_status_id=None):
"""create status of whatever type""" """create status of whatever type"""
next_step = request.POST.get("next", "/") next_step = request.META.get('HTTP_REFERER')
next_step = validate_url_domain(next_step, "/") next_step = validate_url_domain(next_step, "/")
created = not existing_status_id created = not existing_status_id
existing_status = None existing_status = None
@ -170,7 +170,7 @@ def update_progress(request, book_id): # pylint: disable=unused-argument
def edit_readthrough(request): def edit_readthrough(request):
"""can't use the form because the dates are too finnicky""" """can't use the form because the dates are too finnicky"""
# TODO: remove this, it duplicates the code in the ReadThrough view # TODO: remove this, it duplicates the code in the ReadThrough view
next_step = request.POST.get("next", "/") next_step = request.META.get('HTTP_REFERER')
next_step = validate_url_domain(next_step, "/") next_step = validate_url_domain(next_step, "/")
readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id")) readthrough = get_object_or_404(models.ReadThrough, id=request.POST.get("id"))