From 5b0ce6471ae5b15b0cd25841e3d2d57e01947cb0 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann
Date: Mon, 26 May 2014 18:47:49 +0200
Subject: [PATCH] add website input
---
 isso/js/app/i18n/en.js | 1 +
 isso/js/app/isso.js | 2 ++
 isso/js/app/text/postbox.jade | 2 ++
 isso/views/comments.py | 34 ++++++++++++++++++++++++++++++++--
 4 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/isso/js/app/i18n/en.js b/isso/js/app/i18n/en.js
index 6cc1d45..b29deab 100644
--- a/isso/js/app/i18n/en.js
+++ b/isso/js/app/i18n/en.js
@@ -2,6 +2,7 @@ define({
 "postbox-text": "Type Comment Here (at least 3 chars)",
 "postbox-author": "Name (optional)",
 "postbox-email": "E-mail (optional)",
+ "postbox-website": "Website (optional)",
 "postbox-submit": "Submit",
 "num-comments": "One Comment\n{{ n }} Comments",
diff --git a/isso/js/app/isso.js b/isso/js/app/isso.js
index e3ca1b9..3a8fd96 100644
--- a/isso/js/app/isso.js
+++ b/isso/js/app/isso.js
@@ -64,11 +64,13 @@ define(["app/dom", "app/utils", "app/config", "app/api", "app/jade", "app/i18n",
 api.create($("#isso-thread").getAttribute("data-isso-id"), {
 author: $("[name=author]", el).value || null,
 email: $("[name=email]", el).value || null,
+ website: $("[name=website]", el).value || null,
 text: utils.text($(".textarea", el).innerHTML),
 parent: parent || null
 }).then(function(comment) {
 $("[name=author]", el).value = "";
 $("[name=email]", el).value = "";
+ $("[name=website]", el).value = "";
 $(".textarea", el).innerHTML = "";
 $(".textarea", el).blur();
 insert(comment, true);
diff --git a/isso/js/app/text/postbox.jade b/isso/js/app/text/postbox.jade
index 5740da0..5014c84 100644
--- a/isso/js/app/text/postbox.jade
+++ b/isso/js/app/text/postbox.jade
@@ -11,5 +11,7 @@ div(class='postbox')
 input(type='text' name='author' placeholder=i18n('postbox-author'))
 p(class='input-wrapper')
 input(type='email' name='email' placeholder=i18n('postbox-email'))
+ p(class='input-wrapper')
+ input(type='text' name='website' placeholder=i18n('postbox-website'))
 p(class='post-action')
 input(type='submit' value=i18n('postbox-submit'))
diff --git a/isso/views/comments.py b/isso/views/comments.py
index 207c5c0..cb2bfd6 100644
--- a/isso/views/comments.py
+++ b/isso/views/comments.py
@@ -1,7 +1,7 @@
 # -*- encoding: utf-8 -*-
+import re
 import cgi
-import json
 import time
 import hashlib
 import functools
@@ -22,6 +22,27 @@ from isso.utils import http, parse, JSONResponse as JSON
 from isso.utils.crypto import pbkdf2
 from isso.views import requires
+# from Django appearently, looks good to me *duck*
+__url_re = re.compile(
+ r'^'
+ r'(https?://)?'
+ r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain...
+ r'localhost|' # localhost...
+ r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
+ r'(?::\d+)?' # optional port
+ r'(?:/?|[/?]\S+)'
+ r'$', re.IGNORECASE)
+
+
+def isurl(text):
+ return __url_re.match(text) is not None
+
+
+def normalize(url):
+ if not url.startswith(("http://", "https://")):
+ return "http://" + url
+ return url
+
 def sha1(text):
 return hashlib.sha1(text.encode('utf-8')).hexdigest()
@@ -111,6 +132,12 @@ class API(object):
 if len(comment.get("email") or "") > 254:
 return False, "http://tools.ietf.org/html/rfc5321#section-4.5.3"
+ if comment.get("website"):
+ if len(comment["website"]) > 254:
+ return False, "arbitrary length limit"
+ if not isurl(comment["website"]):
+ return False, "Website not Django-conform"
+
 return True, ""
 @xhr
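Review bot: `normalize()` tests the scheme case-sensitively while `__url_re` is compiled with `re.IGNORECASE`, so a value such as `HTTP://example.com` passes `isurl()` and is then stored as `http://HTTP://example.com`; `if not url.lower().startswith(("http://", "https://")):` keeps the two in agreement. The pattern also ends in `$`, which matches before a trailing newline, so `isurl()` accepts input that ends in `\n`; anchoring with `r'\Z'` instead of `r'$'` closes that. The optional `(https?://)?` group is what keeps other URL schemes out of a value that will presumably be rendered as a link, and a one-line comment on `__url_re` saying so would stop a later edit from loosening it.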
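Review bot: The new `website` branch in the `@@ -111,6 +132,12 @@` hunk calls `len()` and `isurl()` on whatever JSON value the client sent, so a truthy non-string (a number or an object) raises `TypeError` instead of returning a validation failure, unless a type check sits in the part of this method above the hunk, which is not visible here. A guard before the length test that returns `False, "website must be a string"` when the value is not text keeps malformed requests on the 400 path. The reason string appears to go back to the client via `BadRequest(reason)`, so `"website exceeds 254 characters"` would tell the caller more than `"arbitrary length limit"`.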
@@ -129,10 +156,13 @@ class API(object):
 if not valid:
 return BadRequest(reason)
- for field in ("author", "email"):
+ for field in ("author", "email", "website"):
 if data.get(field) is not None:
 data[field] = cgi.escape(data[field])
+ if data.get("website"):
+ data["website"] = normalize(data["website"])
+
 data['mode'] = 2 if self.moderated else 1
 data['remote_addr'] = utils.anonymize(str(request.remote_addr))
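Review bot: `cgi.escape(data[field])` is called without `quote=True`, so a `"` in the new `website` value is left as-is, and the path part of `__url_re` (`\S+`) admits quote characters; if the stored value is later placed inside an `href="…"` attribute (rendering is outside this diff) it is not attribute-safe. `cgi.escape(data[field], quote=True)` would cover the double quote. Escaping before storage also rewrites `&` in a query string to `&amp;`, so the saved URL differs from the one that was validated; escaping at output time would avoid both problems. The enclosing method starts and ends outside the hunk.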