Changed delete feature to only support POST method. Fix #21.

1 files changed, 7 insertions, 3 deletions

diff --git a/budget/templates/list_bills.html b/budget/templates/list_bills.html
index b698da6..7d3ff11 100644
--- a/budget/templates/list_bills.html
+++ b/budget/templates/list_bills.html
@@ -27,7 +27,7 @@
     // ask for confirmation before removing an user
     $('.action').each(function(){
         $(this).hide();
-        var link = $(this).find('a');
+        var link = $(this).find('button');
         link.click(function(){
             if ($(this).hasClass("confirm")){
                 return true;
@@ -83,9 +83,13 @@
             {% if balance[member.id] > 0 %}+{% endif %}{{ balance[member.id] }}
         </td>
         {% if member.activated %}
-        <td class="action delete"> <a href="{{ url_for(".remove_member", member_id=member.id) }}">{{ _("delete") }}</a></td>
+        <td class="action delete">
+            <form action="{{ url_for(".remove_member", member_id=member.id) }}" method="POST">
+                <button type="submit">{{ _("delete") }}</button></form></td>
         {% else %}
-        <td class="action reactivate"> <a href="{{ url_for(".reactivate", member_id=member.id) }}">{{ _("reactivate") }}</a></td>
+        <td class="action reactivate">
+            <form action="{{ url_for(".reactivate", member_id=member.id) }}" method="POST">
+                <button type="submit">{{ _("reactivate") }}</button></form></td>
         {% endif %}
     </tr>
     {% endfor %}