-rw-r--r-- | quoins/controllers.py | 34 |
1 files changed, 29 insertions, 5 deletions
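--- a/quoins/controllers.py
+++ b/quoins/controllers.py
@@ -79,6 +79,33 @@ def send_email(msg, frm, to):
     s.close()
     log.info('Sent mail to: %s' % to)
 
+class QuoinsName(validators.FancyValidator):
+    messages = {
+        'percent': 'Names with %% are not permitted',
+        'in_use': 'This name is in use',
+        'anonymous': 'The name anonymous is not permitted',
+        'openid': 'Names beginning with "OpenID" are not permitted',
+    }
+
+    def _to_python(self, value, state):
+        # Leading or trailing whitespace in a name is not interesting.
+        return value.strip()
+
+    def validate_python(self, value, state):
+        if not value: return None
+        if '%' in value:
+            raise validators.Invalid(self.message("percent", state),
+                                     value, state)
+        if DBSession.query(TGUser).filter_by(display_name=value).first():
+            raise validators.Invalid(self.message("in_use", state),
+                                     value, state)
+        if value.lower()=='anonymous':
+            raise validators.Invalid(self.message("anonymous", state),
+                                     value, state)
+        if value.lower().startswith('openid'):
+            raise validators.Invalid(self.message("openid", state),
+                                     value, state)
+
 class SimpleForm(forms.Form):
     template = """
 <form xmlns="http://www.w3.org/1999/xhtml"
@@ -159,7 +186,7 @@ class BlogCommentForm(SimpleForm):
 
     class fields(WidgetsList):
         id = fields.HiddenField()
-        name = fields.TextField()
+        name = fields.TextField(validator=QuoinsName())
         url = OpenIDField(help_text='Enter your website or your OpenID here.')
         body = fields.TextArea(validator=validators.NotEmpty())
 
@@ -549,9 +576,6 @@ Comment:
         if not post.allow_comments:
             flash('This post does not allow comments.')
             redirect(self.url(post))
-        if name and ('%' in name or DBSession.query(TGUser).filter_by(display_name=name).first() or name.lower()=='anonymous' or name.lower().startswith('openid')):
-            flash('The name %s is not allowed.'%name)
-            return self.new_comment(id)
         if not name: name = 'Anonymous'
         if url:
             store = MySQLStore(get_oid_connection())
@@ -707,7 +731,7 @@ Comment:
         DBSession.delete(media)
         DBSession.flush()
         flash('Deleted image')
-        return self.edit_post(post_id)
+        redirect(self.url('edit_post/%s'%post_id))
 
     @expose(template="genshi:quoinstemplates.new_post")
     @require(predicates.has_permission('blog-post'))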
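Review bot: In `QuoinsName.validate_python` the "in_use" check compares the exact string (`filter_by(display_name=value)`) while the "anonymous" and "openid" rules compare `value.lower()`, so unless the display_name column's collation is case-insensitive (not visible here) a commenter can pass a case variant of a registered user's display name and the uniqueness rule never fires, which undercuts the impersonation protection this validator is meant to provide. Both checks are carried over verbatim from the inline test removed in the third hunk, so this is inherited rather than introduced, but since the logic now lives in one reusable place it is the moment to make the comparison consistent, e.g. with SQLAlchemy's `func.lower`: `if DBSession.query(TGUser).filter(func.lower(TGUser.display_name) == value.lower()).first():`. The new class also lacks a docstring; a one-liner such as `"""Validate a commenter's display name: strip it, then reject names containing '%', reserved names, and names already used by a registered user."""` would save the next reader from reverse-engineering the four rules.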