summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--quoins/controllers.py34
1 files changed, 29 insertions, 5 deletions
diff --git a/quoins/controllers.py b/quoins/controllers.py
index e419d40..a3a1c5d 100644
--- a/quoins/controllers.py
+++ b/quoins/controllers.py
@@ -79,6 +79,33 @@ def send_email(msg, frm, to):
79 s.close() 79 s.close()
80 log.info('Sent mail to: %s' % to) 80 log.info('Sent mail to: %s' % to)
81 81
82class QuoinsName(validators.FancyValidator):
83 messages = {
84 'percent': 'Names with %% are not permitted',
85 'in_use': 'This name is in use',
86 'anonymous': 'The name anonymous is not permitted',
87 'openid': 'Names beginning with "OpenID" are not permitted',
88 }
89
90 def _to_python(self, value, state):
91 # Leading or trailing whitespace in a name is not interesting.
92 return value.strip()
93
94 def validate_python(self, value, state):
95 if not value: return None
96 if '%' in value:
97 raise validators.Invalid(self.message("percent", state),
98 value, state)
99 if DBSession.query(TGUser).filter_by(display_name=value).first():
100 raise validators.Invalid(self.message("in_use", state),
101 value, state)
102 if value.lower()=='anonymous':
103 raise validators.Invalid(self.message("anonymous", state),
104 value, state)
105 if value.lower().startswith('openid'):
106 raise validators.Invalid(self.message("openid", state),
107 value, state)
108
82class SimpleForm(forms.Form): 109class SimpleForm(forms.Form):
83 template = """ 110 template = """
84 <form xmlns="http://www.w3.org/1999/xhtml" 111 <form xmlns="http://www.w3.org/1999/xhtml"
@@ -159,7 +186,7 @@ class BlogCommentForm(SimpleForm):
159 186
160 class fields(WidgetsList): 187 class fields(WidgetsList):
161 id = fields.HiddenField() 188 id = fields.HiddenField()
162 name = fields.TextField() 189 name = fields.TextField(validator=QuoinsName())
163 url = OpenIDField(help_text='Enter your website or your OpenID here.') 190 url = OpenIDField(help_text='Enter your website or your OpenID here.')
164 body = fields.TextArea(validator=validators.NotEmpty()) 191 body = fields.TextArea(validator=validators.NotEmpty())
165 192
@@ -549,9 +576,6 @@ Comment:
549 if not post.allow_comments: 576 if not post.allow_comments:
550 flash('This post does not allow comments.') 577 flash('This post does not allow comments.')
551 redirect(self.url(post)) 578 redirect(self.url(post))
552 if name and ('%' in name or DBSession.query(TGUser).filter_by(display_name=name).first() or name.lower()=='anonymous' or name.lower().startswith('openid')):
553 flash('The name %s is not allowed.'%name)
554 return self.new_comment(id)
555 if not name: name = 'Anonymous' 579 if not name: name = 'Anonymous'
556 if url: 580 if url:
557 store = MySQLStore(get_oid_connection()) 581 store = MySQLStore(get_oid_connection())
@@ -707,7 +731,7 @@ Comment:
707 DBSession.delete(media) 731 DBSession.delete(media)
708 DBSession.flush() 732 DBSession.flush()
709 flash('Deleted image') 733 flash('Deleted image')
710 return self.edit_post(post_id) 734 redirect(self.url('edit_post/%s'%post_id))
711 735
712 @expose(template="genshi:quoinstemplates.new_post") 736 @expose(template="genshi:quoinstemplates.new_post")
713 @require(predicates.has_permission('blog-post')) 737 @require(predicates.has_permission('blog-post'))
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-19 05:46:08 +0000