Philip Jenvey committed 0b3cae5

o no need to prefix the delete id with page-
o ensure delete and save only work for POSTs. the edit page was actually using
a GET form by mistake

Files changed (3)


         if not page:
             page = Page()
             page.title = title
-        page.content = request.params.get('content','')
+        page.content = request.POST.get('content','')
         c.title = page.title
         c.content = page.get_wiki_content()
         c.message = 'Successfully saved'
     def delete(self):
         page_q = Session.query(Page)
-        title = request.params['id'][5:]
+        title = request.POST['id']
         page = page_q.filter_by(title=title).one()
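Review bot: in save, `request.POST.get('content','')` falls back to an empty string, so a request that carries no POST field is not rejected; it stores empty content on the page and still sets 'Successfully saved'. Since the stated goal is that save and delete only work for POSTs, check the request method explicitly at the top of both actions and answer anything else with a 405, rather than relying on which dictionary is read. In delete, `request.POST['id']` raises KeyError when the field is absent and `.one()` raises when no page matches the title; both cases should produce a deliberate 4xx response instead of an unhandled exception.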


 <h1 class="main">Editing ${c.title}</h1>
-${h.start_form(h.url_for(action='save', title=c.title), method="get")}
+${h.start_form(h.url_for(action='save', title=c.title), method="post")}
   ${h.text_area(name='content', rows=7, cols=40, content=c.content)} <br />
   ${h.submit(value="Save changes", name='commit')}
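Review bot: the form lines shown here contain only the text area and the submit button, with no anti-forgery token field, so switching to method="post" stops accidental changes through links and crawlers but does not stop a cross-site form submission made with the user's session. If the part of the form outside this hunk does not already carry one, add a per-session hidden token here and verify it in the save action (and in delete) before touching the page.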


 % for title in c.titles:
-  <span id="page-${unicode(title)}">${title}</span>
+  <span id="${unicode(title)}">${title}</span>
   &nbsp;[${h.link_to('visit', h.url_for(title=title, action="index"))}]
-  ${h.draggable_element("page-"+ unicode(title), revert=True)}
+  ${h.draggable_element(unicode(title), revert=True)}
 % endfor
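Review bot: with the "page-" prefix dropped, `id="${unicode(title)}"` makes the raw page title the element id, so a title that matches any other id in the layout yields duplicate ids and `h.draggable_element` can bind to the wrong element; titles containing spaces are also not valid id values. The prefix was a useful namespace: consider keeping it in the template and stripping it by name on the server instead of the old `[5:]` slice. Also confirm that the title is HTML-escaped in the attribute and escaped again where `draggable_element` places it into generated script, since both now receive it unmodified.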