Added authentication check for edit_POST (security issue)

This commit is contained in:
David Rubin 2010-01-18 23:16:11 +02:00
parent 8383d72436
commit 9898e04795

View File

@ -47,7 +47,8 @@ class PostController(BaseController):
c.post = Session.query(Post).get(id)
c.page_title = 'Edit Post: %s' % c.post.title
return render(u'/post/edit.mako')
@authenticate(u'Edit My Posts')
def edit_POST(self, id=None):
url = utils.generate_url(c.form_values[u'title'])
if id is None: