From d423b4023958ebb641b37db83c1980cc51246ffb Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Mon, 23 Dec 2024 23:36:59 -0800 Subject: [PATCH] backups: Require POST method for mount/unmount operations Tests: - Sending GET requests to the two views by opening theirs URLs in the browser show a blank page. Actions are not performed. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- plinth/modules/backups/views.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plinth/modules/backups/views.py b/plinth/modules/backups/views.py index 134f80860..a05c73ac6 100644 --- a/plinth/modules/backups/views.py +++ b/plinth/modules/backups/views.py @@ -17,6 +17,7 @@ from django.urls import reverse, reverse_lazy from django.utils.decorators import method_decorator from django.utils.translation import gettext as _ from django.utils.translation import gettext_lazy +from django.views.decorators.http import require_POST from django.views.generic import FormView, TemplateView, View from plinth.errors import PlinthError @@ -472,6 +473,7 @@ class RemoveRepositoryView(SuccessMessageMixin, TemplateView): return redirect('backups:index') +@require_POST def umount_repository(request, uuid): """View to unmount a remote SSH repository.""" repository = SshBorgRepository.load(uuid) @@ -482,6 +484,7 @@ def umount_repository(request, uuid): return redirect('backups:index') +@require_POST def mount_repository(request, uuid): """View to mount a remote SSH repository.""" # Do not mount unverified ssh repositories. Prompt for verification.