raoul
/
scribeengine
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added authentication check for edit_POST (security issue)

This commit is contained in:
David Rubin 2010-01-18 23:16:11 +02:00
parent 8383d72436
commit 9898e04795
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
scribeengine/controllers/post.py
View File

@ -47,7 +47,8 @@ class PostController(BaseController):
c.post = Session.query(Post).get(id)
c.page_title = 'Edit Post: %s' % c.post.title
return render(u'/post/edit.mako')
@authenticate(u'Edit My Posts')
def edit_POST(self, id=None):
url = utils.generate_url(c.form_values[u'title'])
if id is None: