scratchfoundation/s2forums
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed security hole in mobile reply page

Browse source
This commit is contained in:
Nathan Dinsmore 2013-02-20 17:52:53 -05:00
parent 13943a9e92
commit 3207a7bb93
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
djangobb_forum/views.py
View file

@ -987,6 +987,8 @@ def show_youtube_video(request, video_id):
@login_required
def mobile_reply(request, post_id):
post = get_object_or_404(Post, id=post_id)
if post.topic.closed and not (request.user.is_superuser or request.user in forum.moderators.all()):
raise Http404
ip = request.META.get('REMOTE_ADDR', None)
post_form_kwargs = {"topic":post.topic, "user":request.user, "ip":ip}
if AddPostForm.FORM_NAME in request.POST: