Hi.
I managed to crash the SQLFORM(db.table).accepts(request.vars,session) call
by adding 'delete_this_record=on' to the list of request variables.

Proposed fix:


--- sqlhtml.bak.py      2010-10-13 09:52:01.202884906 +0400
+++ sqlhtml.py  2010-10-13 09:52:06.662884519 +0400
@@ -949,7 +949,7 @@
             raise SyntaxError, 'user is tampering with form\'s record_id: '
\
                                '%s != %s' % (record_id, self.record_id)

-        if requested_delete:
+        if requested_delete and self.custom.deletable:
             if keyed:
                 qry = reduce(lambda x,y: x & y,
                              [self.table[k]==record_id[k] for k in
self.table._primarykey])
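
Review bot: On the changed condition `if requested_delete and self.custom.deletable:`, a delete request against a form that is not deletable is now silently dropped and processing carries on. The record_id mismatch a few lines above raises SyntaxError for tampering, yet a client-supplied delete flag on a non-deletable form is the same kind of tampering. Consider rejecting or at least logging that case explicitly, so that the request is not then handled as an ordinary update. The hunk also does not show where self.custom.deletable is assigned. Please confirm it is set on every path that reaches this line (including forms built without a record), otherwise the crash only moves to an attribute lookup. If the form stores its own deletable setting, testing that directly would make the intent clearer than testing an attribute under self.custom.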


Regards
Alexey.
