2 つのフォームを生成するテンプレートがあります。フォームは、POST 経由でデータを取得するために使用されます
問題は、ユーザーがプロセスなどの入力属性名を削除するなど、POST を介してデータを改ざんする場合です。
-----------------------------4827543632391\r\nContent-Disposition: フォーム データ。name="csrfmiddlewaretoken"\r\n\r\nYWSIqoP9MjdKYlauwT5fSdxtFH2rcoaH\r\n-----------------------------4827543632391\r\ nContent-Disposition: フォーム データ。name="ボード"\r\n\r\n\r\n-----------------------------4827543632391\r\ nContent-Disposition: フォーム データ。name="プロセス"\r\n\r\n削除\r\n-----------------------------4827543632391--\ r\n
ユーザーが名前から値プロセスを削除すると、このエラーが発生します。
このエラーに対処し、ユーザーがフォームを改ざんできないようにするにはどうすればよいですか?
MultiValueDictKeyError at /whiteboardeditor/
Key 'process' not found in <QueryDict: {u'': [u'delete'], u'csrfmiddlewaretoken': [u'YWSIqoP9MjdKYlauwT5fSdxtFH2rcoaH'], u'board': [u'2']}>
File "C:\o\17\mysite\pet\views.py" in WhiteBoardEditor
362. if request.POST['process'] == 'primary':
File "C:\Python26\lib\site-packages\django\utils\datastructures.py" in __getitem__
258. raise MultiValueDictKeyError("Key %r not found in %r" % (key, self))
Exception Type: MultiValueDictKeyError at /whiteboardeditor/
Exception Value: Key 'process' not found in <QueryDict: {u'': [u'delete'], u'csrfmiddlewaretoken': [u'YWSIqoP9MjdKYlauwT5fSdxtFH2rcoaH'], u'board': [u'2']}>
私のhtml
<form method="POST" enctype="multipart/form-data">
{% csrf_token %}
{{ boardpicture.as_p }}
<input type = "hidden" name="process" value= "primary" />
<input type = "submit" value= "save" />
</form>
{% for p in picture %}
<li><a href ="{% url world:delpic p.id 1 %}">{{p.description}}</a>
{% endfor %}
<form method="POST" enctype="multipart/form-data">
{% csrf_token %}
{{ picturedelete.as_p }}
<input type = "hidden" name="process" value= "delete" />
<input type = "submit" value= "save" />
</form>
</form>
{% for pi in pict %}
<li><a href ="{% url world:delpic pi.id 2 %}">{{ pi.description }}</a>
{% endfor %}
私のviews.py
def WhiteBoardEditor(request):
if not request.user.is_authenticated():
return HttpResponseRedirect(reverse('world:LoginRequest'))
picture = {}
pict = {}
if request.method == "POST":
forms = WhiteBoardPictureForm(request.user,request.POST,)
formss = PictureDeleteForm(request.user,request.POST,)
if request.POST['process'] == 'primary':
if forms.is_valid():
board = forms.cleaned_data['board']
if board:
boards = forms.cleaned_data['board']
picture = Picture.objects.filter(board=boards)
return render(request,'boardeditor.html',{
'picture':picture,
'boardpicture':WhiteBoardPictureForm(request.user),
'picturedelete':PictureDeleteForm(request.user)})
elif request.POST['process'] == 'delete':
if formss.is_valid():
pooh = formss.cleaned_data['board']
if pooh:
pooh = formss.cleaned_data['board']
pict = Picture.objects.filter(board=pooh)
return render(request,'boardeditor.html',{
'pict':pict,
'boardpicture':WhiteBoardPictureForm(request.user),
'picturedelete':PictureDeleteForm(request.user)})
return render(request,'boardeditor.html',{'board':WhiteBoardNameForm(request.user),'boardpicture':WhiteBoardPictureForm(request.user),'picturedelete':PictureDeleteForm(request.user)})
私のviews.py
class WhiteBoardPictureForm(forms.ModelForm):
def __init__(self, user, *args, **kwargs):
super(WhiteBoardPictureForm, self).__init__(*args, **kwargs)
self.fields['board'].queryset = Board.objects.filter(user=user)
class Meta:
model = Picture
fields = ('board',)
class PictureDeleteForm(forms.ModelForm):
def __init__(self, user, *args, **kwargs):
super(PictureDeleteForm, self).__init__(*args, **kwargs)
self.fields['board'].queryset = Board.objects.filter(user=user)
class Meta:
model = Picture
fields = ('board',)