add website input

This commit is contained in:
Martin Zimmermann 2014-05-26 18:47:49 +02:00
parent 8cf9ea348e
commit 5b0ce6471a
4 changed files with 37 additions and 2 deletions

View File

@ -2,6 +2,7 @@ define({
"postbox-text": "Type Comment Here (at least 3 chars)",
"postbox-author": "Name (optional)",
"postbox-email": "E-mail (optional)",
"postbox-website": "Website (optional)",
"postbox-submit": "Submit",
"num-comments": "One Comment\n{{ n }} Comments",

View File

@ -64,11 +64,13 @@ define(["app/dom", "app/utils", "app/config", "app/api", "app/jade", "app/i18n",
api.create($("#isso-thread").getAttribute("data-isso-id"), {
author: $("[name=author]", el).value || null,
email: $("[name=email]", el).value || null,
website: $("[name=website]", el).value || null,
text: utils.text($(".textarea", el).innerHTML),
parent: parent || null
}).then(function(comment) {
$("[name=author]", el).value = "";
$("[name=email]", el).value = "";
$("[name=website]", el).value = "";
$(".textarea", el).innerHTML = "";
$(".textarea", el).blur();
insert(comment, true);

View File

@ -11,5 +11,7 @@ div(class='postbox')
input(type='text' name='author' placeholder=i18n('postbox-author'))
p(class='input-wrapper')
input(type='email' name='email' placeholder=i18n('postbox-email'))
p(class='input-wrapper')
input(type='text' name='website' placeholder=i18n('postbox-website'))
p(class='post-action')
input(type='submit' value=i18n('postbox-submit'))

View File

@ -1,7 +1,7 @@
# -*- encoding: utf-8 -*-
import re
import cgi
import json
import time
import hashlib
import functools
@ -22,6 +22,27 @@ from isso.utils import http, parse, JSONResponse as JSON
from isso.utils.crypto import pbkdf2
from isso.views import requires
# from Django appearently, looks good to me *duck*
__url_re = re.compile(
r'^'
r'(https?://)?'
r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain...
r'localhost|' # localhost...
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
r'(?::\d+)?' # optional port
r'(?:/?|[/?]\S+)'
r'$', re.IGNORECASE)
def isurl(text):
return __url_re.match(text) is not None
def normalize(url):
if not url.startswith(("http://", "https://")):
return "http://" + url
return url
def sha1(text):
return hashlib.sha1(text.encode('utf-8')).hexdigest()
@ -111,6 +132,12 @@ class API(object):
if len(comment.get("email") or "") > 254:
return False, "http://tools.ietf.org/html/rfc5321#section-4.5.3"
if comment.get("website"):
if len(comment["website"]) > 254:
return False, "arbitrary length limit"
if not isurl(comment["website"]):
return False, "Website not Django-conform"
return True, ""
@xhr
@ -129,10 +156,13 @@ class API(object):
if not valid:
return BadRequest(reason)
for field in ("author", "email"):
for field in ("author", "email", "website"):
if data.get(field) is not None:
data[field] = cgi.escape(data[field])
if data.get("website"):
data["website"] = normalize(data["website"])
data['mode'] = 2 if self.moderated else 1
data['remote_addr'] = utils.anonymize(str(request.remote_addr))