raoul/old-scribeengine
Archived
1
0
Fork 0
Code Issues 3 Pull Requests Projects 1 Releases Wiki Activity

Added authentication check for edit_POST (security issue)

Browse Source
This commit is contained in:
David Rubin 2010-01-18 23:16:11 +02:00
parent 8383d72436
commit 9898e04795
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
scribeengine/controllers/post.py
View File

@ -48,6 +48,7 @@ class PostController(BaseController):
c.page_title = 'Edit Post: %s' % c.post.title
return render(u'/post/edit.mako')
@authenticate(u'Edit My Posts')
def edit_POST(self, id=None):
url = utils.generate_url(c.form_values[u'title'])
if id is None: