comparison news/views.py @ 849:ff645a692791

For issue #79, use bleach to sanitize both user input markdown & html.
author Brian Neal <bgneal@gmail.com>
date Thu, 30 Oct 2014 19:30:37 -0500
parents ee87ea74d46b
children 79a71b9d0a2a
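--- a/news/views.py
+++ b/news/views.py
@@ -9,11 +9,10 @@
 from django.http import HttpResponseRedirect
 from django.contrib.auth.decorators import login_required
 from django.shortcuts import get_object_or_404
 from django.core.paginator import InvalidPage
 from django.core.urlresolvers import reverse
-from django.db.models import Q
 from django.contrib.sites.models import Site
 from django.http import Http404
 
 from tagging.models import Tag
 from tagging.models import TaggedItem
@@ -22,11 +21,10 @@
 from core.functions import send_mail
 from core.functions import get_full_name
 from core.functions import get_page
 from core.paginator import DiggPaginator
 from news.models import Category
-from news.models import PendingStory
 from news.models import Story
 from news.forms import AddNewsForm
 from news.forms import SendStoryForm
 from news.utils import attach_extra_attrs
 
@@ -143,12 +141,12 @@
     if request.method == "POST":
         add_form = AddNewsForm(request.POST)
         if add_form.is_valid():
             pending_story = add_form.save(commit=False)
             pending_story.submitter = request.user
-            pending_story.short_text = clean_html(pending_story.short_text)
-            pending_story.long_text = clean_html(pending_story.long_text)
+            pending_story.short_text = _clean_html(pending_story.short_text)
+            pending_story.long_text = _clean_html(pending_story.long_text)
             pending_story.save()
             return HttpResponseRedirect(reverse('news.views.submit_thanks'))
     else:
         add_form = AddNewsForm()
 
@@ -237,5 +235,9 @@
 def email_thanks(request):
     return render_to_response('news/send_story.html', {
         },
         context_instance = RequestContext(request))
 
+#######################################################################
+
+def _clean_html(s):
+    return clean_html(s, profile='news')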
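Review bot: `_clean_html` at the end of the section has no docstring, and since it is now the single point through which every submitted story field is sanitized (both `short_text` and `long_text` in the submit-view hunk are routed through it), that intent should be recorded so a future text field is not saved without passing through it. I would add `"""Sanitize user-submitted story text with the 'news' bleach profile; every story text field must pass through here before save."""` above the `return`. Neither the import of `clean_html` nor the definition of the `'news'` profile is visible in this section, so the docstring should point readers to where that profile's allowed tags and attributes are defined rather than restate them.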