Mercurial > public > sg101

--- a/gpp/messages/views.py	Sat Dec 19 22:20:09 2009 +0000
+++ b/gpp/messages/views.py	Sun Dec 20 05:21:57 2009 +0000
@@ -8,6 +8,7 @@
 from django.shortcuts import get_object_or_404
 from django.core.urlresolvers import reverse
 from django.http import Http404
+from django.views.decorators.http import require_POST

 from messages.models import Message
 from messages.models import Options
@@ -162,6 +163,7 @@


 @login_required
+@require_POST
 def delete(request, msg_id):
     """
     Deletes a given message. The user must be either the sender or
@@ -208,6 +210,7 @@


 @login_required
+@require_POST
 def undelete(request, msg_id):
     """
     Undeletes a given message. The user must be either the sender or
--- a/gpp/templates/messages/view.html	Sat Dec 19 22:20:09 2009 +0000
+++ b/gpp/templates/messages/view.html	Sun Dec 20 05:21:57 2009 +0000
@@ -20,12 +20,16 @@
    {{ msg.sender.get_profile.signature_html|safe }}
 </div>
 {% endif %}
-<p>
 {% if is_deleted %}
-<a href="{% url messages-undelete msg.id %}{% if box %}?box={{ box }}{% endif %}">Undelete</a>
+<form action="{% url messages-undelete msg.id %}" method="post">
+   {% if box %}<input type="hidden" name="box" value="{{ box }}" />{% endif %}
+   <input type="submit" value="Undelete" />
+</form>
 {% else %}
 <a href="{% url messages-reply msg.id %}{% if box %}?box={{ box }}{% endif %}">Reply</a> |
-<a href="{% url messages-delete msg.id %}{% if box %}?box={{ box }}{% endif %}">Delete</a>
+<form action="{% url messages-delete msg.id %}" method="post" class="messages-button">
+   {% if box %}<input type="hidden" name="box" value="{{ box }}" />{% endif %}
+   <input type="submit" value="Delete" />
+</form>
 {% endif %}
-</p>
 {% endblock %}