raoul/old-scribeengine
Archived
1
0
Fork 0
Code Issues 3 Pull Requests Projects 1 Releases Wiki Activity

A couple of security fixes.

Browse Source
This commit is contained in:
Raoul Snyman 2010-01-19 22:56:05 +02:00
commit d2907d72e8
3 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
scribeengine/controllers/blog.py
View File

@ -71,6 +71,7 @@ class BlogController(BaseController):
c.page_title = c.post.title c.page_title = c.post.title
return render(u'/blog/view.mako') return render(u'/blog/view.mako')
@authenticate()
def comment_POST(self, id): def comment_POST(self, id):
if not id: if not id:
h.flash.set_message(u'There was a problem submitting your comment.', u'error') h.flash.set_message(u'There was a problem submitting your comment.', u'error')

2
scribeengine/templates/base.mako
View File

@ -20,7 +20,9 @@
<li><a href="${page.url}">${page.name}</a></li> <li><a href="${page.url}">${page.name}</a></li>
% endfor % endfor
% if c.current_user: % if c.current_user:
% if c.current_user.has_permission('Add Posts'):
<li><a href="${h.url_for(controller='post', action='new')}">New Post</a></li> <li><a href="${h.url_for(controller='post', action='new')}">New Post</a></li>
% endif
<li><a href="${h.url_for(controller='admin', action='logout')}">Logout</a></li> <li><a href="${h.url_for(controller='admin', action='logout')}">Logout</a></li>
% else: % else:
<li><a href="${h.url_for(controller='admin', action='login')}">Login</a></li> <li><a href="${h.url_for(controller='admin', action='login')}">Login</a></li>