Added authentication check for edit_POST (security issue)

David Rubin 2010-01-18 23:16:11 +02:00
parent 8383d72436
commit 9898e04795


@ -48,6 +48,7 @@ class PostController(BaseController):
c.page_title = 'Edit Post: %s' % c.post.title c.page_title = 'Edit Post: %s' % c.post.title
return render(u'/post/edit.mako') return render(u'/post/edit.mako')
@authenticate(u'Edit My Posts')
def edit_POST(self, id=None): def edit_POST(self, id=None):
url = utils.generate_url(c.form_values[u'title']) url = utils.generate_url(c.form_values[u'title'])
if id is None: if id is None:
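Review bot: `@authenticate(u'Edit My Posts')` on `edit_POST` confirms that the caller holds the permission, but nothing in the visible lines ties the `id` argument to the logged-in user, so if the rest of the method loads the post by `id` alone, any account with this permission could overwrite another author's post. The body continues past the hunk, so this may already be handled; if it is not, compare the loaded post's owner with the session user before saving and reject the request otherwise, and record the intent with a comment in the method such as `# @authenticate checks the permission only; ownership of the post is verified here`. Because the handler accepted unauthenticated writes until this commit, a functional test that POSTs to it without a session and expects a rejection would keep the decorator from being dropped again, and the other `*_POST` handlers in this controller deserve the same audit.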