From bfac5efd8973f41c67fb52cde1b32de203e00bf6 Mon Sep 17 00:00:00 2001
From: "ajurna@gmail.com"
Date: Tue, 5 Apr 2016 10:11:06 +0100
Subject: [PATCH] changed view to limit to post on json request. this makes sure the csrf is checked.

---
 comic/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/comic/views.py b/comic/views.py
index dcfb258..dbab374 100644
--- a/comic/views.py
+++ b/comic/views.py
@@ -1,15 +1,16 @@
+import json
 import uuid
 from os import path
-import json

 from django.contrib.auth import login, authenticate
 from django.contrib.auth.decorators import login_required, user_passes_test
 from django.contrib.auth.models import User
+from django.db.models import Max
 from django.http import HttpResponse
 from django.shortcuts import render, redirect, get_object_or_404
 from django.utils.http import urlsafe_base64_decode
 from django.views.decorators.csrf import ensure_csrf_cookie
-from django.db.models import Max
+from django.views.decorators.http import require_POST

 from .forms import SettingsForm, AccountForm, EditUserForm, AddUserForm, InitialSetupForm
 from .models import Setting, ComicBook, ComicStatus, Directory, ComicPage
@@ -55,6 +56,7 @@ def comic_list(request, directory_selector=False):


 @login_required
+@require_POST
 def comic_list_json(request, directory_selector=False):
 icon_str = ''
 if directory_selector:
@@ -78,6 +80,7 @@ def comic_list_json(request, directory_selector=False):
 )


+
 @login_required
 def account_page(request):
 success_message = []
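Review bot: `@require_POST` on `comic_list_json` only turns non-POST requests into a 405; the CSRF token check the commit message relies on is performed by `CsrfViewMiddleware`, and nothing in this patch shows that the middleware is enabled for the project. To make the guarantee local to the view, add `@csrf_protect` directly under `@require_POST` and extend the existing import to `from django.views.decorators.csrf import csrf_protect, ensure_csrf_cookie`. A regression test built on `Client(enforce_csrf_checks=True)` that expects 405 for a GET and 403 for a POST without a token would keep the behaviour pinned. The body of `comic_list_json` continues outside the hunk, so whether it changes any state cannot be judged from here.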