1
0
mirror of https://github.com/janeczku/calibre-web synced 2024-11-28 12:30:00 +00:00

Require edit permissions to edit books, even via ajax

This commit is contained in:
jvoisin 2020-10-29 14:52:20 +01:00
parent 5792838333
commit e7f7775efa

View File

@ -930,6 +930,7 @@ def convert_bookformat(book_id):
@editbook.route("/ajax/editbooks/<param>", methods=['POST']) @editbook.route("/ajax/editbooks/<param>", methods=['POST'])
@login_required_if_no_ano @login_required_if_no_ano
@edit_required
def edit_list_book(param): def edit_list_book(param):
vals = request.form.to_dict() vals = request.form.to_dict()
# calibre_db.update_title_sort(config) # calibre_db.update_title_sort(config)