Changed DiscardDraft actions on page/blogpost to be antiforgery checked

--HG--
branch : dev
Erik Porter
2010-03-09 02:01:52 -08:00
parent 21bcaa1139
commit 012137726e
5 changed files with 13 additions and 3 deletions


@@ -146,6 +146,7 @@ namespace Orchard.Blogs.Controllers {
return Redirect(Url.BlogPostEdit(model.BlogPost.Item));
}
[ValidateAntiForgeryTokenOrchard]
public ActionResult DiscardDraft(int id) {
// get the current draft version
var draft = Services.ContentManager.Get(id, VersionOptions.Draft);
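Review bot: `DiscardDraft` gains `[ValidateAntiForgeryTokenOrchard]`, but no verb restriction is visible on it in this hunk, so the action appears to remain reachable by GET even though, judging by its name and the draft lookup, it changes state. The views in this commit call it through a link rather than a form, which suggests the token travels in the URL, where it can end up in browser history, server logs and Referer headers. Consider adding `[HttpPost]` next to the token attribute and having the view submit a small form instead. The same applies to `DiscardDraft` in `Orchard.Pages.Controllers`, and the method body continues outside the hunk in both places.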


@@ -13,7 +13,7 @@
<input class="button primaryAction" type="submit" name="submit.Save" value="<%=_Encoded("Save") %>"/><%
//TODO: (erikpo) In the future, remove the HasPublished check so the user can delete the content item from here if the choose to
if (Model.Item.HasDraft && Model.Item.HasPublished) { %>
<%=Html.ActionLink(T("Discard Draft").ToString(), "DiscardDraft", new { Area = "Orchard.Blogs", Controller = "BlogPostAdmin", id=Model.Item.Id }, new { @class = "button" })%><%
<%=Html.AntiForgeryTokenValueOrchardLink(T("Discard Draft").ToString(), Url.Action("DiscardDraft", new {Area = "Orchard.Blogs", Controller = "BlogPostAdmin", id = Model.Item.Id}), new {@class = "button"})%><%
} %>
</fieldset>
</div>
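Review bot: The `Html.AntiForgeryTokenValueOrchardLink(...)` call is emitted through `<%= %>`, so the link text and URL are only HTML-encoded if the helper does it itself, whereas `Html.ActionLink` encoded the link text and attribute values. The helper is not shown on this page, so confirm that it encodes the localized `T("Discard Draft")` text and the `Url.Action(...)` result before writing them into the anchor. The Discard Draft line in the Orchard.Pages view depends on the same behaviour. A short comment beside the call, such as `// link carries the anti-forgery token expected by DiscardDraft`, would also record why a plain `ActionLink` is no longer used.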


@@ -213,6 +213,7 @@ namespace Orchard.Pages.Controllers {
return RedirectToAction("Edit", "Admin", new {id = model.Page.Item.ContentItem.Id});
}
[ValidateAntiForgeryTokenOrchard]
public ActionResult DiscardDraft(int id) {
// get the current draft version
var draft = Services.ContentManager.Get(id, VersionOptions.Draft);


@@ -13,7 +13,7 @@
<input class="button primaryAction" type="submit" name="submit.Save" value="<%=_Encoded("Save") %>"/><%
//TODO: (erikpo) In the future, remove the HasPublished check so the user can delete the content item from here if the choose to
if (Model.Item.HasDraft && Model.Item.HasPublished) { %>
<%=Html.ActionLink(T("Discard Draft").ToString(), "DiscardDraft", new { Area = "Orchard.Pages", Controller = "Admin", Model.Item.Id }, new { @class = "button" })%><%
<%=Html.AntiForgeryTokenValueOrchardLink(T("Discard Draft").ToString(), Url.Action("DiscardDraft", new {Area = "Orchard.Pages", Controller = "Admin", id = Model.Item.Id}), new {@class = "button"})%><%
} %>
</fieldset>
</div>