2013-04-08 61 views
0

MultiValueDictKeyError at /boardeditor/

I have a template that generates 2 forms. These forms are used to retrieve data via POST.

The problem is when a user tampers with the data sent via POST, for example by deleting the input's name attribute called process.

-----------------------------4827543632391\r\nContent-Disposition: form-data; name="csrfmiddlewaretoken"\r\n\r\nYWSIqoP9MjdKYlauwT5fSdxtFH2rcoaH\r\n-----------------------------4827543632391\r\nContent-Disposition: form-data; name="board"\r\n\r\n\r\n-----------------------------4827543632391\r\nContent-Disposition: form-data; name="process"\r\n\r\ndelete\r\n-----------------------------4827543632391--\r\n

I get this error if the user deletes the value process from the name.

How can I fix this error and prevent users from tampering with the form?

MultiValueDictKeyError at /whiteboardeditor/ 

Key 'process' not found in <QueryDict: {u'': [u'delete'], u'csrfmiddlewaretoken':  [u'YWSIqoP9MjdKYlauwT5fSdxtFH2rcoaH'], u'board': [u'2']}> 
File "C:\o\17\mysite\pet\views.py" in WhiteBoardEditor 
    362.    if request.POST['process'] == 'primary': 
File "C:\Python26\lib\site-packages\django\utils\datastructures.py" in __getitem__ 
    258.    raise MultiValueDictKeyError("Key %r not found in %r" % (key, self)) 

Exception Type: MultiValueDictKeyError at /whiteboardeditor/ 
Exception Value: Key 'process' not found in <QueryDict: {u'': [u'delete'],  u'csrfmiddlewaretoken': [u'YWSIqoP9MjdKYlauwT5fSdxtFH2rcoaH'], u'board': [u'2']}> 

My HTML

<form method="POST" enctype="multipart/form-data">
    {% csrf_token %}
    {{ boardpicture.as_p }}
    <input type="hidden" name="process" value="primary" />
    <input type="submit" value="save" />
</form>

{% for p in picture %}
    <li><a href="{% url world:delpic p.id 1 %}">{{ p.description }}</a></li>
{% endfor %}

<form method="POST" enctype="multipart/form-data">
    {% csrf_token %}
    {{ picturedelete.as_p }}
    <input type="hidden" name="process" value="delete" />
    <input type="submit" value="save" />
</form>

{% for pi in pict %}
    <li><a href="{% url world:delpic pi.id 2 %}">{{ pi.description }}</a></li>
{% endfor %}

My views.py

from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect
from django.shortcuts import render
# Picture and the three form classes come from the project's own modules.

def WhiteBoardEditor(request):
    if not request.user.is_authenticated():
        return HttpResponseRedirect(reverse('world:LoginRequest'))
    picture = {}
    pict = {}

    if request.method == "POST":
        forms = WhiteBoardPictureForm(request.user, request.POST)
        formss = PictureDeleteForm(request.user, request.POST)
        # Indexing request.POST raises MultiValueDictKeyError when 'process' is absent.
        if request.POST['process'] == 'primary':
            if forms.is_valid():
                board = forms.cleaned_data['board']
                if board:
                    boards = forms.cleaned_data['board']
                    picture = Picture.objects.filter(board=boards)
            return render(request, 'boardeditor.html', {
                'picture': picture,
                'boardpicture': WhiteBoardPictureForm(request.user),
                'picturedelete': PictureDeleteForm(request.user)})

        elif request.POST['process'] == 'delete':
            if formss.is_valid():
                pooh = formss.cleaned_data['board']
                if pooh:
                    pooh = formss.cleaned_data['board']
                    pict = Picture.objects.filter(board=pooh)
            return render(request, 'boardeditor.html', {
                'pict': pict,
                'boardpicture': WhiteBoardPictureForm(request.user),
                'picturedelete': PictureDeleteForm(request.user)})

    # GET requests, and POSTs with any other 'process' value, get the empty forms.
    return render(request, 'boardeditor.html', {
        'board': WhiteBoardNameForm(request.user),
        'boardpicture': WhiteBoardPictureForm(request.user),
        'picturedelete': PictureDeleteForm(request.user)})

My views.py

from django import forms
# Board and Picture are the project's own models.

class WhiteBoardPictureForm(forms.ModelForm):

    def __init__(self, user, *args, **kwargs):
        super(WhiteBoardPictureForm, self).__init__(*args, **kwargs)
        # Only boards owned by the requesting user are valid choices.
        self.fields['board'].queryset = Board.objects.filter(user=user)

    class Meta:
        model = Picture
        fields = ('board',)

class PictureDeleteForm(forms.ModelForm):

    def __init__(self, user, *args, **kwargs):
        super(PictureDeleteForm, self).__init__(*args, **kwargs)
        # Only boards owned by the requesting user are valid choices.
        self.fields['board'].queryset = Board.objects.filter(user=user)

    class Meta:
        model = Picture
        fields = ('board',)

Answers

1

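You should validate the form before processing it, e.g. with form.is_valid(), and return the appropriate form and errors to the page if it is not valid.

If the form is valid, use form.cleaned_data for the posted data rather than request.POST.

Here is how to use forms: Using forms in view

So either you can add the process input field to the form.

Or, for this specific case, you can check in your view before processing the form: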

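if 'process' not in request.POST:
    # return an error instead of indexing request.POST['process']
    return HttpResponseBadRequest("missing 'process' field")  # from django.http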

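Rohan, I added a check for when the user deletes csrfmiddlewaretoken. I get this error: CSRF verification failed. Request aborted. I can't fix this error. Can you help me? Thanks Rohan – donkeyboy72 2013-04-08 11:23:48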


@donkeyboy72, this is a Django feature to prevent cross-site request forgery. Check the documentation here https://docs.djangoproject.com/en/dev/ref/contrib/csrf/ and see what you can do and how. – Rohan 2013-04-08 14:20:25


Rohan, thank you very much. You are a wonderful person – donkeyboy72 2013-04-08 14:21:29
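An added example, not code from the question or the answer: using only the standard library, it replays the tampered submission seen in the traceback (the `process` part arriving with an empty name) and shows a dispatch that returns a 400-style result instead of raising. `build_body`, `parse_multipart`, `choose_action` and the boundary string are hypothetical names constructed for illustration; in the Django view the equivalent is a `process` field on the form, read through `cleaned_data`, with the `board` ownership check left to the form's queryset.

```python
import email

BOUNDARY = "X-CONSTRUCTED-BOUNDARY"       # constructed, not the boundary from the capture
ALLOWED_PROCESS = {"primary", "delete"}   # the two hidden-input values in the template


def build_body(pairs):
    """Build a constructed multipart/form-data body from (name, value) pairs."""
    part = '--%s\r\nContent-Disposition: form-data; name="%s"\r\n\r\n%s\r\n'
    body = "".join(part % (BOUNDARY, name, value) for name, value in pairs)
    return (body + "--%s--\r\n" % BOUNDARY).encode("ascii")


def parse_multipart(body):
    """Return {field name: value} for a multipart/form-data body (stdlib only)."""
    head = 'Content-Type: multipart/form-data; boundary="%s"\r\n\r\n' % BOUNDARY
    msg = email.message_from_bytes(head.encode("ascii") + body)
    if not msg.is_multipart():
        return {}
    fields = {}
    for p in msg.get_payload():
        # An emptied name attribute arrives as name="" and becomes the key "".
        name = p.get_param("name", "", header="content-disposition")
        fields[name] = p.get_payload(decode=True).decode("utf-8")
    return fields


def choose_action(fields):
    """Pick the branch to run; return (status, detail) and never raise on bad input."""
    process = fields.get("process")        # .get() instead of fields["process"]
    if process not in ALLOWED_PROCESS:
        return 400, "missing or unknown 'process' field"
    if not fields.get("board", "").isdigit():
        return 400, "invalid 'board' value"
    return 200, process


if __name__ == "__main__":
    intact = build_body([("board", "2"), ("process", "delete")])
    tampered = build_body([("board", "2"), ("", "delete")])   # name attribute emptied
    for label, body in (("intact", intact), ("tampered", tampered)):
        fields = parse_multipart(body)
        print(label, fields, choose_action(fields))
```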
