diff options
author | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2013-03-07 23:55:55 -0300 |
---|---|---|
committer | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2013-03-07 23:55:55 -0300 |
commit | 36dc72975136a9a99aa7eca677666048eaa12029 (patch) | |
tree | 9a175ac3aea852b0388084d22d0da554bea4c7fe /askbot/views | |
parent | 48879e31ffa9906c47c940e9b345a714e0d4c4ec (diff) | |
download | askbot-36dc72975136a9a99aa7eca677666048eaa12029.tar.gz askbot-36dc72975136a9a99aa7eca677666048eaa12029.tar.bz2 askbot-36dc72975136a9a99aa7eca677666048eaa12029.zip |
fixed an exception with bad data on comment delete
Diffstat (limited to 'askbot/views')
-rw-r--r-- | askbot/views/writers.py | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/askbot/views/writers.py b/askbot/views/writers.py index 8c421fb7..b9e637ad 100644 --- a/askbot/views/writers.py +++ b/askbot/views/writers.py @@ -17,7 +17,11 @@ from django.shortcuts import get_object_or_404 from django.shortcuts import render from django.contrib.auth.decorators import login_required from django.contrib.auth.models import User -from django.http import HttpResponseRedirect, HttpResponse, HttpResponseForbidden, Http404 +from django.http import HttpResponse +from django.http import HttpResponseBadRequest +from django.http import HttpResponseForbidden +from django.http import HttpResponseRedirect +from django.http import Http404 from django.utils import simplejson from django.utils.html import strip_tags, escape from django.utils.translation import get_language @@ -714,7 +718,12 @@ def delete_comment(request): raise exceptions.PermissionDenied(msg) if request.is_ajax(): - comment_id = request.POST['comment_id'] + form = forms.DeleteCommentForm(request.POST) + + if form.is_valid() == False: + return HttpResponseBadRequest() + + comment_id = form.cleaned_data['comment_id'] comment = get_object_or_404(models.Post, post_type='comment', id=comment_id) request.user.assert_can_delete_comment(comment) |