Safer author add logic

bookwyrm/templates/edit_book.html

@@ -74,7 +74,9 @@
         </div>
 
         <button class="button is-primary" type="submit">{% trans "Confirm" %}</button>
-        <button class="button" type="button">{% trans "Back" %}</button>
+        <a href="#" class="button" data-back>
+            <span>{% trans "Back" %}</span>
+        </a>
     </div>
 
     <hr class="block">
@@ -129,7 +131,7 @@
                 {% endif %}
                 <label class="label" for="id_add_author">{% trans "Add Authors:" %}</label>
                 <p class="help">Separate multiple author names with commas.</p>
-                <input class="input" type="text" name="add_author" id="id_add_author" placeholder="{% trans 'John Doe, Jane Smith' %}" value="{{ add_author }}">
+                <input class="input" type="text" name="add_author" id="id_add_author" placeholder="{% trans 'John Doe, Jane Smith' %}" value="{{ add_author }}" {% if confirm_mode %}readonly{% endif %}>
             </section>
         </div>
 

bookwyrm/views/books.py

@@ -133,6 +133,8 @@ class EditBook(View):
             data["add_author"] = add_author
             data["author_matches"] = []
             for author in add_author.split(","):
+                if not author:
+                    continue
                 # check for existing authors
                 vector = SearchVector("name", weight="A") + SearchVector(
                     "aliases", weight="B"
@@ -200,6 +202,8 @@ class ConfirmEditBook(View):
             # get or create author as needed
             if request.POST.get("add_author"):
                 for (i, author) in enumerate(request.POST.get("add_author").split(",")):
+                    if not author:
+                        continue
                     match = request.POST.get("author_match-%d" % i)
                     if match and match != "0":
                         author = get_object_or_404(