Add a comment name validator.

author: James E. Blair <corvus@gnu.org> 2009-08-23 16:29:07 -0700
committer: James E. Blair <corvus@gnu.org> 2009-08-23 16:29:07 -0700
commit: 58916f2f4e99c38901585f15a5cd280a968e9457 (patch)
tree: d6ac8b8c410af43c76339a951c3f6f353d23e561
parent: 605ed3142d812370e28421018ef5b1e89a7566f1 (diff)
1 files changed, 29 insertions, 5 deletions
diff --git a/quoins/controllers.py b/quoins/controllers.py
index e419d40..a3a1c5d 100644
--- a/quoins/controllers.py
+++ b/quoins/controllers.py
@@ -79,6 +79,33 @@ def send_email(msg, frm, to):
    s.close()
    log.info('Sent mail to: %s' % to)
+class QuoinsName(validators.FancyValidator):
+    messages = {
+        'percent': 'Names with %% are not permitted',
+        'in_use': 'This name is in use',
+        'anonymous': 'The name anonymous is not permitted',
+        'openid': 'Names beginning with "OpenID" are not permitted',
+        }
+    def _to_python(self, value, state):
+        # Leading or trailing whitespace in a name is not interesting.
+        return value.strip()
+    def validate_python(self, value, state):
+        if not value: return None
+        if '%' in value:
+            raise validators.Invalid(self.message("percent", state),
+                          value, state)
+        if DBSession.query(TGUser).filter_by(display_name=value).first():
+            raise validators.Invalid(self.message("in_use", state),
+                          value, state)
+        if value.lower()=='anonymous':
+            raise validators.Invalid(self.message("anonymous", state),
+                          value, state)
+        if value.lower().startswith('openid'):
+            raise validators.Invalid(self.message("openid", state),
+                          value, state)
 class SimpleForm(forms.Form):
    template = """
    <form xmlns="http://www.w3.org/1999/xhtml" 
@@ -159,7 +186,7 @@ class BlogCommentForm(SimpleForm):
    
    class fields(WidgetsList):
        id = fields.HiddenField()
-        name = fields.TextField()
+        name = fields.TextField(validator=QuoinsName())
        url = OpenIDField(help_text='Enter your website or your OpenID here.')
        body = fields.TextArea(validator=validators.NotEmpty())
@@ -549,9 +576,6 @@ Comment:
        if not post.allow_comments:
            flash('This post does not allow comments.')
            redirect(self.url(post))
-        if name and ('%' in name or DBSession.query(TGUser).filter_by(display_name=name).first() or name.lower()=='anonymous' or name.lower().startswith('openid')):
-            flash('The name %s is not allowed.'%name)
-            return self.new_comment(id)
        if not name: name = 'Anonymous'
        if url:
            store = MySQLStore(get_oid_connection())
@@ -707,7 +731,7 @@ Comment:
            DBSession.delete(media)
            DBSession.flush()
            flash('Deleted image')
-        return self.edit_post(post_id)
+        redirect(self.url('edit_post/%s'%post_id))
    @expose(template="genshi:quoinstemplates.new_post")
    @require(predicates.has_permission('blog-post'))
author	James E. Blair <corvus@gnu.org>	2009-08-23 16:29:07 -0700
committer	James E. Blair <corvus@gnu.org>	2009-08-23 16:29:07 -0700
commit	58916f2f4e99c38901585f15a5cd280a968e9457 (patch)
tree	d6ac8b8c410af43c76339a951c3f6f353d23e561
parent	605ed3142d812370e28421018ef5b1e89a7566f1 (diff)