From 523b9f9b2a8fdea4745eef0598467bdb5eb96172 Mon Sep 17 00:00:00 2001
From: Martin Mares <mj@ucw.cz>
Date: Sun, 13 Nov 2022 13:43:24 +0100
Subject: [PATCH] =?UTF-8?q?M=C3=ADsta:=20Formul=C3=A1=C5=99=20pro=20hled?=
 =?UTF-8?q?=C3=A1n=C3=AD=20pou=C5=BE=C3=ADv=C3=A1=20GET?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mo/web/org_place.py             | 7 ++++---
 mo/web/templates/org_place.html | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/mo/web/org_place.py b/mo/web/org_place.py
index be48bc15..a37e46bd 100644
--- a/mo/web/org_place.py
+++ b/mo/web/org_place.py
@@ -23,7 +23,7 @@ class PlaceSearchForm(FlaskForm):
     submit = wtforms.SubmitField('Hledat')
 
 
-@app.route('/org/place/<int:id>/', methods=('GET', 'POST'))
+@app.route('/org/place/<int:id>/')
 def org_place(id: int):
     sess = db.get_session()
 
@@ -31,11 +31,12 @@ def org_place(id: int):
     if not place:
         raise werkzeug.exceptions.NotFound()
 
-    search_form = PlaceSearchForm()
+    # Formulář nemá side-efekty, takže to může být GET bez CSRF.
+    search_form = PlaceSearchForm(request.args, meta={'csrf': False})
     found_places = None
     search_failed = False
     search_limited = False
-    if search_form.validate_on_submit():
+    if 'submit' in request.args and search_form.validate():
         query = search_form.query.data
         query_words = query.split()
 
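Review bot: The CSRF exemption in `PlaceSearchForm(request.args, meta={'csrf': False})` is only safe while the search branch stays read-only, and the hunk shows just the first two lines of that branch (the body of `org_place` continues outside the hunk), so this cannot be confirmed from here. I would have the comment state that condition for future edits, for example `# Search only reads from the DB; if this branch ever changes state, switch back to POST with CSRF enabled.` With GET, the search text also ends up in the URL, so it will appear in access logs, browser history and Referer headers. That is presumably fine for place names, but worth a conscious decision.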
diff --git a/mo/web/templates/org_place.html b/mo/web/templates/org_place.html
index 5c4a8b80..14d21ac3 100644
--- a/mo/web/templates/org_place.html
+++ b/mo/web/templates/org_place.html
@@ -50,7 +50,7 @@
 </div>
 {% endif %}
 
-{{ wtf.quick_form(search_form, form_type='inline', button_map={'submit': 'primary'}) }}
+{{ wtf.quick_form(search_form, method='GET', form_type='inline', button_map={'submit': 'primary'}) }}
 
 {% if found_places %}
 	<table class=data>
-- 
GitLab