thanks. in trunk in minutes...
On Oct 13, 12:53 am, Alexey Nezhdanov <snak...@gmail.com> wrote: > Hi. > I managed to crash SQLFORM(db.table).accepts(request.vars,session) call > by adding a 'delete_this_record=on' to the list of request variables. > > Proposed fix: > > --- sqlhtml.bak.py 2010-10-13 09:52:01.202884906 +0400 > +++ sqlhtml.py 2010-10-13 09:52:06.662884519 +0400 > @@ -949,7 +949,7 @@ > raise SyntaxError, 'user is tampering with form\'s record_id: ' > \ > '%s != %s' % (record_id, self.record_id) > > - if requested_delete: > + if requested_delete and self.custom.deletable: > if keyed: > qry = reduce(lambda x,y: x & y, > [self.table[k]==record_id[k] for k in > self.table._primarykey]) > > Regards > Alexey.
