chiark / gitweb /
~mdw / chopwood / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
{cgi,cmd-cgi,httpauth}.py: Check request methods on CGI commands.
[chopwood] / cmd-cgi.py
diff --git a/cmd-cgi.py b/cmd-cgi.py
index 63253b74a068924a0f1ae99f545ce3bc16b623ef..104dd6afa9c43298cda12c0085d1cdbc01a450c2 100644 (file)
--- a/cmd-cgi.py
+++ b/cmd-cgi.py
@@ -65,6 +65,7 @@ def cmd_list_cgi():
 
 @CGI.subcommand(
   'set', ['cgi'], 'Set password for a collection of services.',
 
 @CGI.subcommand(
   'set', ['cgi'], 'Set password for a collection of services.',
+  methods = ['POST'],
   params = [SC.Arg('first'), SC.Arg('second')],
   rparam = SC.Arg('services'))
 def cmd_set_cgi(first, second, services = []):
   params = [SC.Arg('first'), SC.Arg('second')],
   rparam = SC.Arg('services'))
 def cmd_set_cgi(first, second, services = []):
@@ -74,6 +75,7 @@ def cmd_set_cgi(first, second, services = []):
 @CGI.subcommand(
   'reset', ['cgi'],
   'Reset passwords for a collection of services.',
 @CGI.subcommand(
   'reset', ['cgi'],
   'Reset passwords for a collection of services.',
+  methods = ['POST'],
   rparam = SC.Arg('services'))
 def cmd_reset_cgi(services = []):
   operate('reset passwords', 'reset', services)
   rparam = SC.Arg('services'))
 def cmd_reset_cgi(services = []):
   operate('reset passwords', 'reset', services)
@@ -81,13 +83,15 @@ def cmd_reset_cgi(services = []):
 @CGI.subcommand(
   'clear', ['cgi'],
   'Clear passwords for a collection of services.',
 @CGI.subcommand(
   'clear', ['cgi'],
   'Clear passwords for a collection of services.',
+  methods = ['POST'],
   rparam = SC.Arg('services'))
 def cmd_clear_cgi(services = []):
   operate('clear passwords', 'clear', services)
 
 @CGI.subcommand(
   'logout', ['cgi'],
   rparam = SC.Arg('services'))
 def cmd_clear_cgi(services = []):
   operate('clear passwords', 'clear', services)
 
 @CGI.subcommand(
   'logout', ['cgi'],
-  'Log out of the web interface.')
+  'Log out of the web interface.',
+  methods = ['POST'])
 def cmd_logout_cgi():
   CGI.redirect(CGI.action('login', why = 'LOGOUT'),
                set_cookie = HA.bake_cookie('logged-out'))
 def cmd_logout_cgi():
   CGI.redirect(CGI.action('login', why = 'LOGOUT'),
                set_cookie = HA.bake_cookie('logged-out'))
A password-changing service.