[Pypi-checkins] r960 - trunk/pypi

Tue Aug 23 08:48:28 CEST 2011

Author: richard
Date: Tue Aug 23 08:48:28 2011
New Revision: 960

Modified:
   trunk/pypi/webui.py
Log:
remove csrf token check from distutils register/upload command handlers


Modified: trunk/pypi/webui.py
==============================================================================

--- trunk/pypi/webui.py	(original)
+++ trunk/pypi/webui.py	Tue Aug 23 08:48:28 2011
@@ -1776,9 +1776,6 @@
             self.validate_metadata(data)
         except ValueError, message:
             raise FormError, message
-            
-        if self.form['CSRFToken'] != self.store.get_token(self.username):
-            raise FormError, "Form Failure; reset form submission"
 
         name = data['name']
         version = data['version']
@@ -2130,8 +2127,6 @@
         if not self.authenticated:
             raise Unauthorised, \
                 "You must be identified to edit package information"
-        if self.form['CSRFToken'] != self.store.get_token(self.username):
-            raise FormError, "Form Failure; reset form submission"
 
         # Verify protocol version
         if self.form.has_key('protocol_version'):
