Signed-off-by: zry <admin@z-touhou.org>

templates/home/post.bk.list.html

@@ -105,7 +105,7 @@
 					{% else %}
 						<a class="btn btn-warning btn-xs" href="{% url 'pichublog_posthid' i.id %}?val=true&rfm={{rfm}}">隐藏</a>
 					{% endif %}
-					<a class="btn btn-danger btn-xs" href="{% url 'pichublog_postdel' i.id %}?confirmcode={% inthash i.title %}&rfm={{rfm}}" onclick="return confirm('删除后不可恢复，是否确认删除？')">删除</a>
+					<a class="btn btn-danger btn-xs" href="{% url 'pichublog_postdel' i.id %}?veryfycode={% inthash i.title %}&rfm={{rfm}}" onclick="return confirm('删除后不可恢复，是否确认删除？')">删除</a>
 				</td>
 			</td>
 		</tr>

templates/home/post.list.html

@@ -55,7 +55,7 @@
 			<b>作者：</b>{{i.author.nick}}&nbsp;&nbsp;&nbsp;
 			<b>发布时间：</b>{{i.pubtime|date:"Y-m-d H:i:s"}}&nbsp;&nbsp;&nbsp;<br />
 			<strong>分类：</strong>
-			{% for j in bpo.category.all %}
+			{% for j in i.category.all %}
 				<a href="{% url 'pichublog_postlist' j.engname %}"><span class="label label-info" style="display:inline-block">{{j.title}}</span></a>
 			{% endfor %}
 		</p>

views/posts.py

@@ -282,6 +282,14 @@ def PostDel(request,ID):
 		"randposts":BlogPost.objects.all().order_by('?')[:5],
 		}
 		return render_to_response('home/post.err.html',kwvars,RequestContext(request))
+	if request.GET.get('veryfycode') == unicode(hash(bpo.title)):
+		bpo.delete()
+	else:
+		messages.error(request,"<b>删除失败：</b>请求参数校验不成功，为了安全起见，该删除请求被服务器拒绝。")
+	if request.REQUEST.get("rfm") == "w":
+		return HttpResponseRedirect(reverse('pichublog_postwbklist'))
+	else:
+		return HttpResponseRedirect(reverse('pichublog_postabklist'))
 
 def AjaxShowComments(request,ID):
 	try: