From: Fredrik Tolf <fredrik@dolda2000.com>
Date: Sun, 23 Dec 2012 05:45:45 +0000 (+0100)
Subject: Disallow non-GET requests in wmako.
X-Git-Url: http://dolda2000.com/gitweb/?p=wrw.git;a=commitdiff_plain;h=54e74e803911e7fb0f861eb33b5b0d053cb7e79b

Disallow non-GET requests in wmako.
---

diff --git a/wrw/wmako.py b/wrw/wmako.py
index 491d8b3..13ce342 100644
--- a/wrw/wmako.py
+++ b/wrw/wmako.py
@@ -1,6 +1,6 @@
 import os, threading
 from mako import template, lookup, filters
-import util, form, session, env
+import util, form, session, env, resp
 
 # It seems Mako isn't thread-safe.
 makolock = threading.Lock()
@@ -43,6 +43,8 @@ def handle(req, filename, **kw):
 
 @util.wsgiwrap
 def application(req):
+    if req.method not in ["GET", "HEAD"]:
+        raise resp.httperror(405)
     return handle(req, req.filename,
                   form = form.formdata(req),
                   session = session.get(req))