diff --git a/hc/api/management/commands/ensuretriggers.py b/hc/api/management/commands/ensuretriggers.py
index 7d8f97cc..17693f8e 100644
--- a/hc/api/management/commands/ensuretriggers.py
+++ b/hc/api/management/commands/ensuretriggers.py
@@ -13,7 +13,7 @@ CREATE OR REPLACE FUNCTION update_alert_after()
RETURNS trigger AS $update_alert_after$
BEGIN
IF NEW.last_ping IS NOT NULL THEN
- NEW.alert_after := NEW.last_ping + NEW.timeout;
+ NEW.alert_after := NEW.last_ping + NEW.timeout + '1 hour';
END IF;
RETURN NEW;
END;
diff --git a/hc/front/views.py b/hc/front/views.py
index a6b7a4c0..4b47e3e8 100644
--- a/hc/front/views.py
+++ b/hc/front/views.py
@@ -1,4 +1,5 @@
from django.contrib.auth.decorators import login_required
+from django.http import HttpResponseForbidden
from django.shortcuts import redirect, render
from django.utils import timezone
@@ -51,6 +52,9 @@ def update_name(request, code):
assert request.method == "POST"
check = Check.objects.get(code=code)
+ if check.user != request.user:
+ return HttpResponseForbidden()
+
check.name = request.POST["name"]
check.save()
@@ -61,9 +65,12 @@ def update_name(request, code):
def update_timeout(request, code):
assert request.method == "POST"
+ check = Check.objects.get(code=code)
+ if check.user != request.user:
+ return HttpResponseForbidden()
+
form = TimeoutForm(request.POST)
if form.is_valid():
- check = Check.objects.get(code=code)
check.timeout = form.cleaned_data["timeout"]
check.save()
diff --git a/templates/pricing.html b/templates/pricing.html
index 87100e66..04ab6a73 100644
--- a/templates/pricing.html
+++ b/templates/pricing.html
@@ -24,7 +24,7 @@
Unlimited notifications