From a59465c9a5fa18be31f5698e07800387d0a8c4ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Sureau?= <frederic.sureau@gmail.com>
Date: Sat, 28 Jan 2012 01:35:04 +0100
Subject: Changed delete feature to only support POST method. Fix #21.

---
 budget/web.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'budget/web.py')

diff --git a/budget/web.py b/budget/web.py
index 2a3715e..bee07e0 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -185,7 +185,7 @@ def edit_project():
 
     return render_template("edit_project.html", form=form)
 
-@main.route("/<project_id>/delete", methods=["GET"])
+@main.route("/<project_id>/delete", methods=["POST"])
 def remove_project():
     g.project.remove_project()
 
@@ -265,7 +265,7 @@ def add_member():
 
     return render_template("add_member.html", form=form)
 
-@main.route("/<project_id>/members/<member_id>/reactivate", methods=["GET",])
+@main.route("/<project_id>/members/<member_id>/reactivate", methods=["POST"])
 def reactivate(member_id):
     person = Person.query.filter(Person.id == member_id)\
                 .filter(Project.id == g.project.id).all()
@@ -276,7 +276,7 @@ def reactivate(member_id):
     return redirect(url_for(".list_bills"))
 
 
-@main.route("/<project_id>/members/<member_id>/delete", methods=["GET", "POST"])
+@main.route("/<project_id>/members/<member_id>/delete", methods=["POST"])
 def remove_member(member_id):
     member = g.project.remove_member(member_id)
     if member.activated == False:
-- 
cgit v1.1