From f2f41b2266cce4fdadccf7f444ddf25aa99caffa Mon Sep 17 00:00:00 2001
From: jordan <jordan@0cfe37f9-358a-4d5e-be75-b63607b5c754>
Date: Tue, 22 May 2012 15:15:56 +0000
Subject: [PATCH] accept only POST requests for vote_post command, make the
 ajax command send only POST requests

git-svn-id: http://svn.osqa.net/svnroot/osqa/trunk@1267 0cfe37f9-358a-4d5e-be75-b63607b5c754
---
 forum/skins/default/media/js/osqa.main.js | 10 ++++++++--
 forum/views/commands.py                   |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/forum/skins/default/media/js/osqa.main.js b/forum/skins/default/media/js/osqa.main.js
index 2cae49e..1595df7 100644
--- a/forum/skins/default/media/js/osqa.main.js
+++ b/forum/skins/default/media/js/osqa.main.js
@@ -443,8 +443,14 @@ $(function() {
             var $dialog = show_dialog(doptions);
         } else {
             start_command();
-            $.getJSON(ajax_url, function(data) {
-                process_ajax_response(data, evt);
+            $.ajax({
+                url: ajax_url,
+                type: "POST",
+                dataType: "json",
+                contentType: "application/json; charset=utf-8",
+                success: function(data) {
+                    process_ajax_response(data, evt);
+                }
             });
         }
 
diff --git a/forum/views/commands.py b/forum/views/commands.py
index 51499a9..5271eec 100644
--- a/forum/views/commands.py
+++ b/forum/views/commands.py
@@ -75,7 +75,7 @@ class CannotDoubleActionException(CommandException):
 
 @decorate.withfn(command)
 def vote_post(request, id, vote_type):
-    if not request.is_ajax():
+    if not request.method == 'POST':
         raise CommandException(_("Invalid request"))
 
 
-- 
2.45.1