decentral1se/pandora
1
0
Fork 0
forked from 0x2620/pandora
Code Issues Pull requests Projects Releases Wiki Activity

first round of input sanitization

Browse source
This commit is contained in:
j 2012-02-21 21:56:06 +05:30
commit 67bc4475e9
7 changed files with 44 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pandora/item/views.py
View file

@ -433,10 +433,10 @@ def edit(request):
response = json_response(status=200, text='ok')
if 'notes' in data:
if request.user.get_profile().capability('canEditMetadata'):
item.notes = data['notes']
item.notes = ox.parse_html(data['notes'])
del data['notes']
if 'rightslevel' in data:
item.level = data['rightslevel']
item.level = int(data['rightslevel'])
del data['rightslevel']
if 'user' in data:
if request.user.get_profile().get_level() in ('admin', 'staff') and \