diff bio/forms.py @ 1011:164a39d985ef

Perform SSL image_check on profile text fields.
author Brian Neal <bgneal@gmail.com>
date Fri, 27 Nov 2015 15:45:05 -0600
parents 4f265f61874b
children 21c592cac71c
--- a/bio/forms.py	Fri Nov 27 15:44:06 2015 -0600
+++ b/bio/forms.py	Fri Nov 27 15:45:05 2015 -0600
@@ -14,8 +14,11 @@
 import pytz
 
 from bio.models import UserProfile
+from core.html import image_check
+from core.html import ImageCheckError
+from core.images.utils import parse_image, downscale_image_square
+from core.markup import site_markup
 from core.widgets import AutoCompleteUserInput
-from core.images.utils import parse_image, downscale_image_square
 
 
 class EditUserForm(forms.ModelForm):
@@ -59,7 +62,7 @@
 
     def clean_time_zone(self):
         """Ensure the timezone is valid and will work with pytz.
-        
+
         A blank (empty) value is allowed.
         """
 
@@ -72,6 +75,22 @@
 
         return tz
 
+    def _image_check(self, field_name):
+        text = self.cleaned_data[field_name]
+        if text:
+            html = site_markup(text)
+            try:
+                image_check(html)
+            except ImageCheckError as ex:
+                raise forms.ValidationError(str(ex))
+        return text
+
+    def clean_profile_text(self):
+        return self._image_check('profile_text')
+
+    def clean_signature(self):
+        return self._image_check('signature')
+
 
 class UploadAvatarForm(forms.Form):
     """Form used to change a user's avatar"""
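Review bot: `_image_check` validates the HTML that `site_markup(text)` produces at submit time but returns the raw `text`, so the image restriction only holds if the display path renders `profile_text` and `signature` through the same `site_markup` pipeline. It also only covers values saved through this form, so profiles already stored or written through another path are not checked; this is inferred, since `image_check` and the rendering code are outside the hunk. A docstring would make the contract explicit, e.g. `"""Render the field with site_markup and raise ValidationError if image_check rejects it; return the original text."""`. If this module runs on Python 2, `str(ex)` may raise `UnicodeEncodeError` when the exception message carries non-ASCII text (for example an echoed image URL), so `unicode(ex)` might be safer there; worth confirming against `ImageCheckError`. The enclosing `EditUserForm` class starts outside this hunk.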