diff --git a/controller/base.py b/controller/base.py
index 0f9e711..e8733aa 100644
--- a/controller/base.py
+++ b/controller/base.py
@@ -149,7 +149,7 @@ def pagenav(self, count, url, each, now,
_ret = u'首页...%s' % (_url, _ret)
if now + 5 < page:
_url = url % page
- _ret = u'%s...尾页' % (_ret, _url)
+ _ret = u'%s...尾页' % (_ret, _url)
if page <= 1:
_ret = ''
_ret = _pre + _ret + _end
diff --git a/controller/dashboard.py b/controller/dashboard.py
index 4c55f13..5f59854 100644
--- a/controller/dashboard.py
+++ b/controller/dashboard.py
@@ -17,7 +17,11 @@ def prepare(self):
self.redirect("/")
def render(self, template_name, **kwargs):
- super(AdminHandler, self).render("admin/%s" % template_name, **kwargs)
+ if self.power == "admin":
+ render = "admin/%s" % template_name
+ else:
+ render = template_name
+ super(AdminHandler, self).render(render, **kwargs)
def get(self, *args, **kwargs):
action = args[0] if len(args) else "index"
diff --git a/controller/publish.py b/controller/publish.py
index efd14c0..f2fb007 100644
--- a/controller/publish.py
+++ b/controller/publish.py
@@ -173,10 +173,6 @@ class UploadHandler(BaseHandler):
def prepare(self):
super(UploadHandler, self).prepare()
self.orgname = ''
- self.set_header("X-Frame-Options", "SAMEORIGIN")
- self.set_header("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-eval' "
- "'unsafe-inline'; connect-src 'self'; img-src 'self' data:; "
- "style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self';")
def check_xsrf_cookie(self):
return True
@@ -204,8 +200,6 @@ def post(self, *args, **kwargs):
except tornado.web.Finish, e:
pass
except:
- import traceback
- print traceback.print_exc()
self.end(False, u"参数错误")
def end(self, status, info, path = ""):