Added authentication check for edit_POST (security issue)
parent
8383d72436
commit
9898e04795
@ -48,6 +48,7 @@ class PostController(BaseController):
|
|||||||
c.page_title = 'Edit Post: %s' % c.post.title
|
c.page_title = 'Edit Post: %s' % c.post.title
|
||||||
return render(u'/post/edit.mako')
|
return render(u'/post/edit.mako')
|
||||||
|
|
||||||
|
@authenticate(u'Edit My Posts')
|
||||||
def edit_POST(self, id=None):
|
def edit_POST(self, id=None):
|
||||||
url = utils.generate_url(c.form_values[u'title'])
|
url = utils.generate_url(c.form_values[u'title'])
|
||||||
if id is None:
|
if id is None:
|
||||||
|
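Review bot: The `@authenticate(u'Edit My Posts')` decorator added above `edit_POST` is given only a permission name, so nothing visible in this hunk ties the `id` argument to the logged-in user. If the decorator does not also check ownership, any account holding that permission could submit an edit for another author's post by changing `id`; the body should load the post and refuse the request with a 403 when its author is not the current user. `edit_POST` continues past the end of the hunk, so that check may already exist further down and is worth confirming. Because this handler was reachable without authentication until this commit, the controller's other state-changing actions deserve the same audit, and a regression test asserting that an anonymous POST to this action is refused would keep the decorator from being dropped again.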