diff --git a/dynastie/models.py b/dynastie/models.py
index 7d76ed2..78c04a3 100755
--- a/dynastie/models.py
+++ b/dynastie/models.py
@@ -255,7 +255,15 @@ class Tag(models.Model):
         if os.path.exists(output):
             shutil.rmtree(output)
 
+class PostOnlyManager(models.Manager):
+
+    def get_queryset(self):
+        return super(PostOnlyManager, self).get_queryset().filter(post_type='P')
+                                    
 class Post(models.Model):
+
+    objects = PostOnlyManager()
+
     title = models.CharField(max_length=255)
     title_slug = models.CharField(max_length=255)
     category = models.ForeignKey(Category, blank=True, null=True, on_delete=models.SET_NULL)
@@ -274,6 +282,7 @@ class Post(models.Model):
         (CONTENT_HTML, 'HTML'),
         (CONTENT_TEXT, 'Text'))
     content_format = models.IntegerField(choices=CONTENT_FORMAT, default=CONTENT_HTML, blank=False, null=False)
+    post_type = models.CharField(max_length=1, default='P')
 
     def getPath(self):
         filename = '/post/' 
@@ -386,6 +395,9 @@ class Post(models.Model):
             return 'text'
 
 class Draft(Post):
+
+    objects = models.Manager()
+
     def createDraft(self, content, tags):
         b = self.blog
         output = b.src_path
@@ -483,3 +495,7 @@ def pre_delete_post_signal(sender, **kwargs):
 @receiver(pre_save, sender=Comment)
 def pre_save_comment_signal(sender, **kwargs):
     kwargs['instance']._update_line_returns()
+
+@receiver(pre_save, sender=Draft)
+def pre_save_draft_signal(sender, **kwargs):
+    kwargs['instance'].post_type = 'D'
diff --git a/dynastie/views.py b/dynastie/views.py
index 1f385b5..56c73d4 100755
--- a/dynastie/views.py
+++ b/dynastie/views.py
@@ -22,7 +22,7 @@ import re
 from datetime import datetime, date, time
 from django.shortcuts import render
 from django.contrib.auth import authenticate, login, logout
-from django.http import HttpResponseRedirect, HttpResponse, Http404
+from django.http import HttpResponseRedirect, HttpResponse, Http404, HttpResponseForbidden
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.csrf import csrf_exempt
 from django.forms.models import inlineformset_factory
@@ -344,7 +344,7 @@ def add_blog(request):
 def view_blog(request, blog_id):
     b,_ = have_I_right(request, blog_id)
 
-    orig_posts = Post.objects.filter(blog=b)
+    posts = Post.objects.filter(blog=b)
 
     if 'page' in request.GET:
         cur_page = int(request.GET['page'])
@@ -356,7 +356,7 @@ def view_blog(request, blog_id):
     else:
         drafts = []
 
-    count = len(orig_posts) - len(drafts)
+    count = len(posts) - len(drafts)
     nb_pages = int(count/50)
 
     # Prevent error injection
@@ -368,15 +368,8 @@ def view_blog(request, blog_id):
     start = cur_page * 50
     end = start + 50 + len(drafts)
 
-    orig_posts = orig_posts.order_by('-creation_date')[start:end]
+    posts = posts.order_by('-creation_date')[start:end]
 
-    # Select post without drafts
-    if drafts:
-        drafts_id = [draft.id for draft in drafts]
-        posts = [p for p in orig_posts if not p.id in drafts_id]
-    else:
-        posts = orig_posts
-            
     form = BlogForm(instance=b)
     
     comments = Comment.objects.all()
@@ -677,6 +670,9 @@ def generate_search(request, blog_id):
 def search(request, blog_id):
     from dynastie.generators import search
 
+    if not 'HTTP_REFERER' in request.META:
+        return HttpResponseForbidden()
+
     ref = request.META['HTTP_REFERER']
 
     b = Blog.objects.filter(pk=blog_id)