diff options
| -rw-r--r-- | controller/recipe.go | 5 | ||||
| -rw-r--r-- | main.go | 2 | ||||
| -rw-r--r-- | view/html/recipe-edit.html | 2 |
3 files changed, 7 insertions, 2 deletions
diff --git a/controller/recipe.go b/controller/recipe.go index 259e3bc..e58092a 100644 --- a/controller/recipe.go +++ b/controller/recipe.go @@ -24,6 +24,11 @@ func RecipeUpdate(w http.ResponseWriter, r *http.Request) { return } + if recipe.Id != mux.Vars(r)[`id`] { + http.Error(w, "IDs in URL and JSON do not match", http.StatusBadRequest) + return + } + err = recipe.Update() if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) @@ -48,7 +48,7 @@ func startServer(addr string) *http.Server { r.HandleFunc("/recipes", view.RecipesRead).Methods(`GET`) r.HandleFunc("/recipe/{id:[0-9]+}", view.RecipeRead).Methods(`GET`) - r.HandleFunc("/recipe", controller.RecipeUpdate).Methods(`POST`) + r.HandleFunc("/recipe/{id:[0-9]+}", controller.RecipeUpdate).Methods(`POST`) r.HandleFunc("/recipe/{id:[0-9]+}", controller.RecipeDelete).Methods(`DELETE`) r.HandleFunc("/favicon.ico", view.FaviconRead).Methods(`GET`) diff --git a/view/html/recipe-edit.html b/view/html/recipe-edit.html index 2513be8..d7d9b45 100644 --- a/view/html/recipe-edit.html +++ b/view/html/recipe-edit.html @@ -10,7 +10,7 @@ </header> <body> <main> - <form action="/recipe?method=update"> + <form action="/recipe/{{.Id}}"> <input type="hidden" name="id" value="{{.Id}}"> <p> |