author | Pawel Solyga <Pawel.Solyga@gmail.com> |
Mon, 17 Nov 2008 22:21:02 +0000 | |
changeset 502 | e1e24c0a4e82 |
parent 323 | ff1a9aa48cfd |
permissions | -rw-r--r-- |
import re |
import time |
import datetime |
from django import forms |
from django.forms.util import ErrorDict |
from django.conf import settings |
from django.http import Http404 |
from django.contrib.contenttypes.models import ContentType |
from models import Comment |
from django.utils.encoding import force_unicode |
from django.utils.hashcompat import sha_constructor |
from django.utils.text import get_text_list |
from django.utils.translation import ungettext, ugettext_lazy as _ |
# Upper bound on the length of a comment body. A project can override it by
# defining COMMENT_MAX_LENGTH in its settings; otherwise 3000 is used.
COMMENT_MAX_LENGTH = getattr(settings, "COMMENT_MAX_LENGTH", 3000)
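class CommentForm(forms.Form):
    """
    Form for posting a comment on ``target_object``.

    Besides the visible author and comment fields, the form carries a
    honeypot field that must stay empty and three hidden fields
    (``content_type``, ``object_pk``, ``timestamp``) whose values are tied to
    ``security_hash``, a SHA-1 digest that also covers ``settings.SECRET_KEY``.
    """
    name = forms.CharField(label=_("Name"), max_length=50)
    email = forms.EmailField(label=_("Email address"))
    url = forms.URLField(label=_("URL"), required=False)
    comment = forms.CharField(label=_('Comment'), widget=forms.Textarea,
                              max_length=COMMENT_MAX_LENGTH)
    # Must be submitted empty; clean_honeypot() rejects any value.
    honeypot = forms.CharField(required=False,
                               label=_('If you enter anything in this field '
                                       'your comment will be treated as spam'))
    content_type = forms.CharField(widget=forms.HiddenInput)
    object_pk = forms.CharField(widget=forms.HiddenInput)
    timestamp = forms.IntegerField(widget=forms.HiddenInput)
    # 40 characters is the length of a SHA-1 hex digest.
    security_hash = forms.CharField(min_length=40, max_length=40, widget=forms.HiddenInput)

    def __init__(self, target_object, data=None, initial=None):
        """
        Bind the form to ``target_object`` and seed the hidden security fields.

        ``initial`` is copied before the security data is merged in, so the
        caller's dict is not modified.
        """
        self.target_object = target_object
        if initial is None:
            initial = {}
        else:
            initial = dict(initial)
        initial.update(self.generate_security_data())
        super(CommentForm, self).__init__(data=data, initial=initial)

    def get_comment_object(self):
        """
        Return a new (unsaved) comment object based on the information in this
        form. Assumes that the form is already validated and will throw a
        ValueError if not.

        Does not set any of the fields that would come from a Request object
        (i.e. ``user`` or ``ip_address``).

        The target (content type and primary key) is taken from
        ``self.target_object``, not from the submitted hidden fields.
        """
        if not self.is_valid():
            raise ValueError("get_comment_object may only be called on valid forms")

        new = Comment(
            content_type=ContentType.objects.get_for_model(self.target_object),
            object_pk=force_unicode(self.target_object._get_pk_val()),
            user_name=self.cleaned_data["name"],
            user_email=self.cleaned_data["email"],
            user_url=self.cleaned_data["url"],
            comment=self.cleaned_data["comment"],
            submit_date=datetime.datetime.now(),
            site_id=settings.SITE_ID,
            is_public=True,
            is_removed=False,
        )

        # Check that this comment isn't duplicate. (Sometimes people post comments
        # twice by mistake.) If it is, fail silently by returning the old comment.
        possible_duplicates = Comment.objects.filter(
            content_type=new.content_type,
            object_pk=new.object_pk,
            user_name=new.user_name,
            user_email=new.user_email,
            user_url=new.user_url,
        )
        today = new.submit_date.date()
        for old in possible_duplicates:
            # Same author fields, same calendar day and same text count as a repost.
            if old.submit_date.date() == today and old.comment == new.comment:
                return old

        return new

    def security_errors(self):
        """Return just those errors associated with security"""
        errors = ErrorDict()
        for field_name in ("honeypot", "timestamp", "security_hash"):
            if field_name in self.errors:
                errors[field_name] = self.errors[field_name]
        return errors

    def clean_honeypot(self):
        """Check that nothing's been entered into the honeypot."""
        value = self.cleaned_data["honeypot"]
        if value:
            raise forms.ValidationError(self.fields["honeypot"].label)
        return value

    def _constant_time_equals(self, expected, actual):
        """
        Compare two strings without stopping at the first differing character.

        A plain ``==`` / ``!=`` returns as soon as a character differs, which
        makes the comparison time depend on how much of the value matched.
        """
        if len(expected) != len(actual):
            return False
        difference = 0
        for left, right in zip(expected, actual):
            difference |= ord(left) ^ ord(right)
        return difference == 0

    def clean_security_hash(self):
        """
        Check the security hash.

        The expected digest is recomputed from the raw ``content_type``,
        ``object_pk`` and ``timestamp`` values in ``self.data`` and compared
        with the submitted ``security_hash``. Raises ``ValidationError`` on a
        mismatch; returns the submitted hash otherwise.
        """
        security_hash_dict = {
            'content_type': self.data.get("content_type", ""),
            'object_pk': self.data.get("object_pk", ""),
            'timestamp': self.data.get("timestamp", ""),
        }
        expected_hash = self.generate_security_hash(**security_hash_dict)
        actual_hash = self.cleaned_data["security_hash"]
        # The submitted hash is untrusted input being checked against a secret-
        # derived value, so the comparison is done in constant time.
        if not self._constant_time_equals(expected_hash, actual_hash):
            raise forms.ValidationError("Security hash check failed.")
        return actual_hash

    def clean_timestamp(self):
        """Make sure the timestamp isn't too far (> 2 hours) in the past."""
        ts = self.cleaned_data["timestamp"]
        # NOTE(review): only the age is bounded. A timestamp ahead of the
        # server clock passes this check; consider an upper bound as well if
        # form expiry is relied on as a control.
        if time.time() - ts > (2 * 60 * 60):
            raise forms.ValidationError("Timestamp check failed")
        return ts

    def clean_comment(self):
        """
        If COMMENTS_ALLOW_PROFANITIES is False, check that the comment doesn't
        contain anything in PROFANITIES_LIST.

        Matching is a case-insensitive substring test. The offending words are
        reported with their middle characters replaced by dashes.
        """
        comment = self.cleaned_data["comment"]
        if settings.COMMENTS_ALLOW_PROFANITIES == False:
            lowered = comment.lower()
            bad_words = [w for w in settings.PROFANITIES_LIST if w in lowered]
            if bad_words:
                masked = ['"%s%s%s"' % (w[0], '-' * (len(w) - 2), w[-1])
                          for w in bad_words]
                # ungettext() selects the form from a count. Passing the
                # boolean ``len(bad_words) > 1`` handed it 0 or 1, which
                # picked the plural text for one word and the singular text
                # for several.
                message = ungettext(
                    "Watch your mouth! The word %s is not allowed here.",
                    "Watch your mouth! The words %s are not allowed here.",
                    len(bad_words)) % get_text_list(masked, 'and')
                raise forms.ValidationError(message)
        return comment

    def generate_security_data(self):
        """Generate a dict of security data for "initial" data."""
        timestamp = int(time.time())
        security_dict = {
            'content_type': str(self.target_object._meta),
            'object_pk': str(self.target_object._get_pk_val()),
            'timestamp': str(timestamp),
            'security_hash': self.initial_security_hash(timestamp),
        }
        return security_dict

    def initial_security_hash(self, timestamp):
        """
        Generate the initial security hash from self.target_object
        and a (unix) timestamp.
        """
        initial_security_dict = {
            'content_type': str(self.target_object._meta),
            'object_pk': str(self.target_object._get_pk_val()),
            'timestamp': str(timestamp),
        }
        return self.generate_security_hash(**initial_security_dict)

    def generate_security_hash(self, content_type, object_pk, timestamp):
        """
        Generate a (SHA1) security hash from the provided info.

        All three arguments must be strings; they are concatenated with
        ``settings.SECRET_KEY`` and the hex digest of the result is returned.
        """
        # NOTE(review): this is a plain SHA-1 over the concatenated fields with
        # the secret appended, not an HMAC, and the fields are joined without
        # a separator, so the digest does not record where one field ends and
        # the next begins. A keyed HMAC over delimited fields is the sturdier
        # construction. It is left unchanged here because switching would
        # invalidate the hashes embedded in already-rendered forms.
        info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
        return sha_constructor("".join(info)).hexdigest()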