Commit 245399be authored by Malcolm Tredinnick's avatar Malcolm Tredinnick
Browse files

[1.0.X] Fixed #8963 -- Use the require_POST decorator instead of doing things... 

[1.0.X] Fixed #8963 -- Use the require_POST decorator instead of doing things manually in one of the comment views. Thanks, zgoda.

Bakcport of r9121 from trunk.


git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.0.X@9128 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent e88b70b7

django/contrib/comments/views/comments.py

+3 −5
Original line number Diff line number Diff line
@@ -7,6 +7,7 @@ from django.shortcuts import render_to_response 
from django.template import RequestContext

from django.template.loader import render_to_string

from django.utils.html import escape

from django.views.decorators.http import require_POST

from django.contrib import comments

from django.contrib.comments import signals
@@ -28,11 +29,6 @@ def post_comment(request, next=None): 
    HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are

    errors a preview template, ``comments/preview.html``, will be rendered.

    """



    # Require POST

    if request.method != 'POST':

        return http.HttpResponseNotAllowed(["POST"])



    # Fill out some initial data fields from an authenticated user, if present

    data = request.POST.copy()

    if request.user.is_authenticated():
@@ -116,6 +112,8 @@ def post_comment(request, next=None): 


    return next_redirect(data, next, comment_done, c=comment._get_pk_val())



post_comment = require_POST(post_comment)



comment_done = confirmation_view(

    template = "comments/posted.html",

    doc = """Display a "comment was posted" success page."""