fixed topic delete not post method security problem.

Author: poying

controllers/topic.js

@@ -696,33 +696,33 @@ exports.delete = function (req, res, next) {
   //刪除topic_tag，標簽topic_count減1
   //刪除topic_collect，用戶collect_topic_count減1
   if (!req.session.user || !req.session.user.is_admin) {
-    res.redirect('home');
-    return;
+    return res.send({ success: false, message: '無權限' });
   }
 
   var topic_id = req.params.tid;
 
   if (topic_id.length !== 24) {
-    res.render('notify/notify', {error: '此話題不存在或已被刪除。'});
+    res.send({success: false, message: '此話題不存在或已被刪除。'});
     return;
   }
 
   get_topic_by_id(topic_id, function (err, topic, tags, author) {
+    if (err) {
+      return res.send({ success: false, message: err.message });
+    }
+
     if (!topic) {
-      res.render('notify/notify', {error: '此話題不存在或已被刪除。'});
+      res.send({success: false, message: '此話題不存在或已被刪除。'});
       return;
     }
     var proxy = new EventProxy();
     var render;
 
-    render = function () {
-      res.render('notify/notify', {success: '話題已被刪除。'});
-      return;
-    };
-
-    proxy.assign('topic_removed', render);
     topic.remove(function (err) {
-      proxy.emit('topic_removed');
+      if (err) {
+        return res.send({ success: false, message: err.message });
+      }
+      res.send({success: true, message: '話題已被刪除。'});
     });
   });
 };

routes.js

@@ -82,7 +82,7 @@ module.exports = function (app) {
   app.get('/topic/:tid', topic.index);
   app.get('/topic/:tid/top/:is_top?', topic.top);
   app.get('/topic/:tid/edit', topic.edit);
-  app.get('/topic/:tid/delete', topic.delete);
+  app.post('/topic/:tid/delete', topic.delete);
   app.post('/topic/create', topic.create);
   app.post('/topic/:tid/edit', topic.edit);
   app.post('/topic/collect', topic.collect);

views/topic/index.html

@@ -97,7 +97,7 @@ <h3><% if(topic.top){%>[置頂]<% } %><%= topic.title %></h3>
           <a href='/topic/<%= topic._id %>/top/1'><img class='user_icon' src='<%- config.site_static_host %>/images/star_fav_icon&16.png' title='置頂' /></a>
         <% } %>
         <a href='/topic/<%= topic._id %>/edit'><img class='user_icon' src='<%- config.site_static_host %>/images/doc_edit_icon&16.png' title='編輯' /></a>
-        <a href='/topic/<%= topic._id %>/delete' class='delete_topic_btn'><img class='user_icon' src='<%- config.site_static_host %>/images/trash_icon&16.png' title='刪除' /></a>
+        <a href='javascript:;' data-id='<%= topic._id %>' class='delete_topic_btn'><img class='user_icon' src='<%- config.site_static_host %>/images/trash_icon&16.png' title='刪除' /></a>
         <% } else { %>
           <% if (current_user._id.toString() === topic.author_id.toString()) { %>
           <span class='sp10'></span>
@@ -138,7 +138,7 @@ <h3><% if(topic.top){%>[置頂]<% } %><%= topic.title %></h3>
               <div id='wmd-preview' class='wmd-preview reply-wmd-preview'></div>
             </div>
           </div>
-          <input type='hidden' name='_csrf' value='<%= csrf %>' />
+          <input type='hidden' name='_csrf' id='_csrf' value='<%= csrf %>' />
         </div>
         <div class='sep10'></div>
         <button id='submit_btn' class='btn'>回覆</button>
@@ -305,8 +305,15 @@ <h3><% if(topic.top){%>[置頂]<% } %><%= topic.title %></h3>
     });
 
     $('.delete_topic_btn').click(function() {
+      var topicId = $(this).data('id');
       if(confirm('確定要刪除此話題嗎？')) {
-        window.location.href = $(this).attr('href');
+        $.post('/topic/' + topicId + '/delete', { _csrf: $('#_csrf').val() }, function (result) {
+          if (!result.success) {
+            alert(result.message);
+          } else {
+            window.location.href = '/';
+          }
+        });
       }
       return false;
     });