Added authentication check for edit_POST (security issue)
parent
8383d72436
commit
9898e04795
@ -47,7 +47,8 @@ class PostController(BaseController):
|
||||
c.post = Session.query(Post).get(id)
|
||||
c.page_title = 'Edit Post: %s' % c.post.title
|
||||
return render(u'/post/edit.mako')
|
||||
|
||||
|
||||
@authenticate(u'Edit My Posts')
|
||||
def edit_POST(self, id=None):
|
||||
url = utils.generate_url(c.form_values[u'title'])
|
||||
if id is None:
|
||||
|
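Review bot: The new `@authenticate(u'Edit My Posts')` on `edit_POST` checks that the caller holds the permission, but nothing visible in this hunk ties the `id` being edited to the caller, so a user with that permission may still be able to modify another author's post by submitting its id. The body of `edit_POST` continues past the end of the hunk, so this may already be handled further down; if it is not, the path taken when `id` is not None should load the post and reject the request when its author is not the authenticated user, before any field is written. Either way a comment above the decorator would make the split explicit, for example `# Permission check only; ownership of the post is enforced in the body.` Since this action was missing the decorator, it is also worth confirming that the controller's other state-changing actions carry it.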