scratchfoundation/s2forums
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reputation: check if post really belong to user

Browse source 
--HG--
branch : stable
This commit is contained in:
slav0nic 2012-06-16 12:45:32 +03:00
parent b8e27133d7
commit d7658490b3
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.hgsubstate
View file

@ -1 +1 @@
0f1fddaeb9771a8e0aeae35c8cd66e24058c0bcc projects 07a9dad465bbd8654713e8d9d0479b83a1097be6 projects

5
djangobb_forum/forms.py
View file

@ -351,6 +351,11 @@ class ReputationForm(forms.ModelForm):
pass pass
else: else:
raise forms.ValidationError(_('You already voted for this post')) raise forms.ValidationError(_('You already voted for this post'))
# check if this post really belong to `from_user`
if not Post.objects.filter(pk=self.cleaned_data['post'].id, user=self.to_user).exists():
raise forms.ValidationError(_('This post does\'t belong to this user'))
return self.cleaned_data return self.cleaned_data