Skip to content

Commit

Permalink
fix: Condition invalide pour échapper le CSRF (#1616)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Guilouf
Guilouf authored Dec 30, 2024
1 parent 848df37 commit d35c21d
Showing 1 changed file with 3 additions and 9 deletions.
12 changes: 3 additions & 9 deletions lemarche/www/pages/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
from django.utils import timezone
from django.views.generic import FormView, ListView, TemplateView, View
from django.views.generic.edit import FormMixin
from wagtail.models import Site as WagtailSite

from lemarche.perimeters.models import Perimeter
from lemarche.sectors.models import Sector
Expand All @@ -29,8 +30,6 @@
from lemarche.www.tenders.utils import create_tender_from_dict, get_or_create_user_from_anonymous_content
from lemarche.www.tenders.views import TenderCreateMultiStepView

from wagtail.models import Site as WagtailSite


class ContactView(SuccessMessageMixin, FormView):
template_name = "pages/contact.html"
Expand Down Expand Up @@ -231,13 +230,8 @@ def csrf_failure(request, reason=""): # noqa C901
# if path_add_tender in request.path:
is_adding = path_add_tender in request.path
is_update = path_update_tender in request.path
if (
is_adding
or is_update
and (
request.POST.get("tender_create_multi_step_view-current_step")
== TenderCreateMultiStepView.STEP_CONFIRMATION
)
if (is_adding or is_update) and (
request.POST.get("tender_create_multi_step_view-current_step") == TenderCreateMultiStepView.STEP_CONFIRMATION
):
# in some cases, there is no POST data...
# create initial tender_dict
Expand Down

0 comments on commit d35c21d

Please sign in to comment.