Verify post better.
authorDavid ‘Bombe’ Roden <bombe@pterodactylus.net>
Wed, 17 Nov 2010 21:09:11 +0000 (22:09 +0100)
committerDavid ‘Bombe’ Roden <bombe@pterodactylus.net>
Wed, 17 Nov 2010 21:09:11 +0000 (22:09 +0100)
src/main/java/net/pterodactylus/sone/web/ajax/DeletePostAjaxPage.java

index d874493..d2a7a39 100644 (file)
@@ -49,9 +49,9 @@ public class DeletePostAjaxPage extends JsonPage {
        @Override
        protected JsonObject createJsonObject(Request request) {
                String postId = request.getHttpRequest().getParam("post");
-               Post post = webInterface.getCore().getPost(postId);
+               Post post = webInterface.getCore().getPost(postId, false);
                Sone currentSone = getCurrentSone(request.getToadletContext());
-               if (post == null) {
+               if ((post == null) || (post.getSone() == null)) {
                        return createErrorJsonObject("invalid-post-id");
                }
                if (currentSone == null) {