diff options
| author | Rodney Ewing <ewing.rj@gmail.com> | 2013-08-07 17:13:38 -0700 |
|---|---|---|
| committer | Rodney Ewing <ewing.rj@gmail.com> | 2013-08-07 17:13:38 -0700 |
| commit | 202d951c3da1ace184c346271a560e9d3191d98e (patch) | |
| tree | a566cbf1d22c4f7443e6753b6d1e81bd77cbbdce | |
| parent | b2d6c45850a7627110a464e398b82f1e3a79e9a4 (diff) | |
| download | mediagoblin-202d951c3da1ace184c346271a560e9d3191d98e.tar.lz mediagoblin-202d951c3da1ace184c346271a560e9d3191d98e.tar.xz mediagoblin-202d951c3da1ace184c346271a560e9d3191d98e.zip | |
Render 404 if not ajax request
| -rw-r--r-- | mediagoblin/user_pages/views.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 2e613697..91ea04b8 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -199,6 +199,10 @@ def media_post_comment(request, media): def media_preview_comment(request): """Runs a comment through markdown so it can be previewed.""" + # If this isn't an ajax request, render_404 + if not request.is_xhr: + return render_404(request) + comment = unicode(request.form['comment_content']) cleancomment = { "content":cleaned_markdown_conversion(comment)} |