Added request verification and url encoding
diff --git a/erpnext/www/book-appointment/verify/index.py b/erpnext/www/book-appointment/verify/index.py
index d25b505..86f9515 100644
--- a/erpnext/www/book-appointment/verify/index.py
+++ b/erpnext/www/book-appointment/verify/index.py
@@ -1,8 +1,14 @@
import frappe
+from frappe.utils.verified_command import verify_request
@frappe.whitelist(allow_guest=True)
def get_context(context):
+ if not verify_request():
+ context.success = False
+ return context
+
email = frappe.form_dict['email']
appointment_name = frappe.form_dict['appointment']
+
if email and appointment_name:
appointment = frappe.get_doc('Appointment',appointment_name)
appointment.set_verified(email)