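def project_edit(request, project_id):
    """Edit a project's title, text, priority and due date.

    A non-POST request renders the edit form for the project. A POST applies
    the submitted fields, saves the project and redirects to its page.
    Malformed or missing POST fields produce a 400 response instead of being
    written to the model, and an unknown ``project_id`` produces a 404.

    NOTE(review): this view performs no authorization check. ``project_id``
    comes straight from the URL and is used as the lookup key, so any caller
    who can reach the view can load or overwrite any project by changing the
    id (insecure direct object reference). Before ``proj`` is rendered or
    modified, confirm that ``request.user`` is authenticated and is allowed
    to edit this particular project. The ownership/membership relation lives
    on the Project model, which is not visible here, so that check still has
    to be wired in against the model.
    """
    # Function-scope imports: the module's import block is not visible here.
    from django.http import HttpResponseBadRequest
    from django.shortcuts import get_object_or_404

    # An unknown id becomes a 404 rather than an unhandled DoesNotExist (500).
    proj = get_object_or_404(Project, pk=project_id)

    if request.method != 'POST':
        return render_to_response(
            'taskManager/project_edit.html', {'proj': proj},
            RequestContext(request))

    # The original defaulted missing fields to False, which was then stored
    # on the model (and int(False) silently became priority 0 / the epoch).
    title = request.POST.get('title')
    text = request.POST.get('text')
    if title is None or text is None:
        return HttpResponseBadRequest('title and text are required')

    try:
        project_priority = int(request.POST.get('project_priority', ''))
        project_duedate = datetime.datetime.fromtimestamp(
            int(request.POST.get('project_duedate', '')))
    except (ValueError, OverflowError, OSError):
        # Non-numeric input, or a timestamp outside the platform's range.
        return HttpResponseBadRequest(
            'project_priority and project_duedate must be valid integers')

    proj.title = title
    proj.text = text
    proj.priority = project_priority
    proj.due_date = project_duedate
    proj.save()

    # Formatting (not "+") keeps this working whether the URL conf passes
    # project_id as a str or an int.
    return redirect('/taskManager/%s/' % project_id)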
# A4: Insecure Direct Object Reference (IDOR)