]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/models/comment.py
allow only AJAX requests for post votes, otherwise it makes CSRF possible
[osqa.git] / forum / models / comment.py
index b62e7b5e97e6b399498cfa40049129d63ba2bb3f..afa674f403381c658980d3420f2f2f53673e1180 100644 (file)
@@ -16,6 +16,9 @@ class Comment(Node):
 
     @property
     def comment(self):
+        return self._comment()
+
+    def _comment(self):
         if settings.FORM_ALLOW_MARKDOWN_IN_COMMENTS:
             return self.as_markdown('limitedsyntax')
         else: