From 9898e047959474979d4ae178bfdeb8587a33b077 Mon Sep 17 00:00:00 2001
From: David Rubin
Date: Mon, 18 Jan 2010 23:16:11 +0200
Subject: [PATCH] Added authentication check for edit_POST (security issue)
---
 scribeengine/controllers/post.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scribeengine/controllers/post.py b/scribeengine/controllers/post.py
index cba2b1f..b8bd3d8 100644
--- a/scribeengine/controllers/post.py
+++ b/scribeengine/controllers/post.py
@@ -47,7 +47,8 @@ class PostController(BaseController):
 c.post = Session.query(Post).get(id)
 c.page_title = 'Edit Post: %s' % c.post.title
 return render(u'/post/edit.mako')
-
+
+ @authenticate(u'Edit My Posts')
 def edit_POST(self, id=None):
 url = utils.generate_url(c.form_values[u'title'])
 if id is None:
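Review bot: The new `@authenticate(u'Edit My Posts')` on `edit_POST` gates the action on a permission, but nothing visible in the hunk ties the `id` argument to the logged-in user, so an account holding that permission may be able to overwrite another author's post unless the body checks ownership. The body of `edit_POST` continues past the end of the hunk, so this may already be handled there; if it is not, the lookup by `id` should be followed by an owner comparison that rejects a mismatch before any field is written. Stating the contract above the decorator would make the split explicit, for example `# Permission check only; ownership of the post is verified in the body.` The GET `edit` action whose tail appears as context starts outside the hunk, so whether it carries the same decorator cannot be confirmed here and is worth checking together with the controller's other state-changing actions.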