diff options
Diffstat (limited to 'modules/middleware')
-rw-r--r-- | modules/middleware/context.go | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/middleware/context.go b/modules/middleware/context.go index 6bd529cd1d..cf849802d9 100644 --- a/modules/middleware/context.go +++ b/modules/middleware/context.go @@ -319,7 +319,6 @@ func (f *Flash) Success(msg string) { // InitContext initializes a classic context for a request. func InitContext() martini.Handler { return func(res http.ResponseWriter, r *http.Request, c martini.Context, rd *Render) { - ctx := &Context{ c: c, // p: p, @@ -328,7 +327,6 @@ func InitContext() martini.Handler { Cache: setting.Cache, Render: rd, } - ctx.Data["PageStartTime"] = time.Now() // start session @@ -370,6 +368,14 @@ func InitContext() martini.Handler { ctx.Data["IsAdmin"] = ctx.User.IsAdmin } + // If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid. + if strings.Contains(r.Header.Get("Content-Type"), "multipart/form-data") { + if err = ctx.Req.ParseMultipartForm(setting.AttachmentMaxSize << 20); err != nil { // 32MB max size + ctx.Handle(500, "issue.Comment(ctx.Req.ParseMultipartForm)", err) + return + } + } + // get or create csrf token ctx.Data["CsrfToken"] = ctx.CsrfToken() ctx.Data["CsrfTokenHtml"] = template.HTML(`<input type="hidden" name="_csrf" value="` + ctx.csrfToken + `">`) |