/// <summary>
/// Handles submission of the "create menu" form. On the demo site the
/// database write is switched off, so a valid submission only redirects
/// back to the index page and nothing is stored.
/// </summary>
/// <param name="menu">The menu populated from the submitted form values.</param>
/// <returns>
/// A redirect to "Index" when the model state is valid; otherwise the
/// form view re-rendered with the submitted values.
/// </returns>
public ActionResult Create(Menu menu)
{
    // Invalid input: show the form again so validation messages can be displayed.
    if (!ModelState.IsValid)
    {
        return View(menu);
    }

    // TODO: Persistence is disabled on the demo (original note: "to prevent XSS attacks").
    // Skipping the write only keeps hostile input out of storage; it is not an XSS fix.
    // Before re-enabling the two lines below, make sure menu fields are validated on
    // input and HTML-encoded wherever the views render them.
    // NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in
    // this excerpt - confirm they are present on the real action before enabling writes.
    //db.Menus.Add(menu);
    //db.SaveChanges();
    return RedirectToAction("Index");
}
/// <summary>
/// Handles submission of the "edit menu" form. On the demo site the
/// database update is switched off, so a valid submission only redirects
/// back to the index page and nothing is changed.
/// </summary>
/// <param name="menu">The menu populated from the submitted form values.</param>
/// <returns>
/// A redirect to "Index" when the model state is valid; otherwise the
/// form view re-rendered with the submitted values.
/// </returns>
public ActionResult Edit(Menu menu)
{
    // Invalid input: show the form again so validation messages can be displayed.
    if (!ModelState.IsValid)
    {
        return View(menu);
    }

    // The built-in "Home" and "Menus" entries are meant to stay untouched on the demo.
    bool isProtectedMenu = IsAdminMenu(menu);
    if (!isProtectedMenu)
    {
        // TODO: Update is disabled on the demo (original note: "to prevent XSS attacks").
        // Skipping the write is not an XSS fix; stored values still need validation on
        // input and HTML encoding on output once this is re-enabled.
        // NOTE(review): marking the bound object as Modified would save every property
        // the request supplied - consider binding to a view model or an explicit
        // property list, and confirm anti-forgery validation is applied to this action.
        //db.Entry(menu).State = EntityState.Modified;
        //db.SaveChanges();
    }

    return RedirectToAction("Index");
}
// Demo-site safeguard: stops casual visitors from altering the main menus
// of the demo. Either remove this check or repurpose it for something more
// useful in your own application.
// NOTE(review): the decision is based on the Name carried by the object passed
// in. If that object is bound from the request, Name is caller-supplied, so a
// real protection rule should look the record up by its key and test the stored
// value instead - confirm against the callers. The comparison is case-sensitive.
/// <summary>
/// Reports whether the given menu is one of the built-in entries
/// ("Home" or "Menus").
/// </summary>
/// <param name="menu">The menu whose <c>Name</c> is inspected.</param>
/// <returns><c>true</c> when the name is exactly "Home" or "Menus"; otherwise <c>false</c>.</returns>
private bool IsAdminMenu(Menu menu)
{
    switch (menu.Name)
    {
        case "Home":
        case "Menus":
            return true;
        default:
            return false;
    }
}