author | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2013-03-07 23:55:55 -0300 |
---|---|---|
committer | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2013-03-07 23:55:55 -0300 |
commit | 36dc72975136a9a99aa7eca677666048eaa12029 (patch) | |
tree | 9a175ac3aea852b0388084d22d0da554bea4c7fe | |
parent | 48879e31ffa9906c47c940e9b345a714e0d4c4ec (diff) | |
fixed an exception with bad data on comment delete
-rw-r--r-- | askbot/forms.py | 3 | ||||
-rw-r--r-- | askbot/views/writers.py | 13 |
2 files changed, 14 insertions, 2 deletions
diff --git a/askbot/forms.py b/askbot/forms.py
index 276647f3..d6ee2bb1 100644
--- a/askbot/forms.py
+++ b/askbot/forms.py
@@ -1676,3 +1676,6 @@ class BulkTagSubscriptionForm(forms.Form):
 self.fields['users'] = forms.ModelMultipleChoiceField(queryset=User.objects.all())
 if askbot_settings.GROUPS_ENABLED:
 self.fields['groups'] = forms.ModelMultipleChoiceField(queryset=Group.objects.exclude_personal())
+
+class DeleteCommentForm(forms.Form):
+ comment_id = forms.IntegerField()
diff --git a/askbot/views/writers.py b/askbot/views/writers.py
index 8c421fb7..b9e637ad 100644
--- a/askbot/views/writers.py
+++ b/askbot/views/writers.py
@@ -17,7 +17,11 @@ from django.shortcuts import get_object_or_404
 from django.shortcuts import render
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
-from django.http import HttpResponseRedirect, HttpResponse, HttpResponseForbidden, Http404
+from django.http import HttpResponse
+from django.http import HttpResponseBadRequest
+from django.http import HttpResponseForbidden
+from django.http import HttpResponseRedirect
+from django.http import Http404
 from django.utils import simplejson
 from django.utils.html import strip_tags, escape
 from django.utils.translation import get_language
@@ -714,7 +718,12 @@ def delete_comment(request):
 raise exceptions.PermissionDenied(msg)
 if request.is_ajax():
- comment_id = request.POST['comment_id']
+ form = forms.DeleteCommentForm(request.POST)
+
+ if form.is_valid() == False:
+ return HttpResponseBadRequest()
+
+ comment_id = form.cleaned_data['comment_id']
 comment = get_object_or_404(models.Post, post_type='comment', id=comment_id)
 request.user.assert_can_delete_comment(comment) |
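Review bot: `comment_id = forms.IntegerField()` in the new `DeleteCommentForm` sets no bounds, so zero, negative numbers and integers too large for the primary-key column still pass validation and reach the `id=comment_id` lookup in `delete_comment`. Depending on the database backend, an out-of-range integer may surface as a database error rather than a 404, which is the kind of failure this commit sets out to remove. Consider `comment_id = forms.IntegerField(min_value=1)` together with a `max_value` that matches the key column's range. A one-line docstring on the form, saying that it validates the POST body of the comment-delete AJAX call, would also help.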
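Review bot: `if form.is_valid() == False:` in the added block should read `if not form.is_valid():`, because comparing to `False` with `==` is non-idiomatic and is flagged by pycodestyle as E712. The bare `return HttpResponseBadRequest()` also discards `form.errors`, so a rejected request leaves nothing for the client or for anyone reading the logs. Logging the errors and the requesting user's id before returning would make malformed or probing requests visible. `delete_comment` begins and ends outside this hunk, so how the surrounding error handling and the non-AJAX path treat this early return cannot be confirmed from here.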