# HG changeset patch
# User Brian Neal
# Date 1448660705 21600
# Node ID 164a39d985ef6d2c3c9bddcb26227fc1155e2a0f
# Parent 9afe0610aae52704d1d76dafc183b3ef087f9960
Perform SSL image_check on profile text fields.
diff -r 9afe0610aae5 -r 164a39d985ef bio/forms.py
--- a/bio/forms.py Fri Nov 27 15:44:06 2015 -0600
+++ b/bio/forms.py Fri Nov 27 15:45:05 2015 -0600
@@ -14,8 +14,11 @@
 import pytz
 from bio.models import UserProfile
+from core.html import image_check
+from core.html import ImageCheckError
+from core.images.utils import parse_image, downscale_image_square
+from core.markup import site_markup
 from core.widgets import AutoCompleteUserInput
-from core.images.utils import parse_image, downscale_image_square
 class EditUserForm(forms.ModelForm):
@@ -59,7 +62,7 @@
 def clean_time_zone(self):
 """Ensure the timezone is valid and will work with pytz.
-
+
 A blank (empty) value is allowed.
 """
@@ -72,6 +75,22 @@
 return tz
+ def _image_check(self, field_name):
+ text = self.cleaned_data[field_name]
+ if text:
+ html = site_markup(text)
+ try:
+ image_check(html)
+ except ImageCheckError as ex:
+ raise forms.ValidationError(str(ex))
+ return text
+
+ def clean_profile_text(self):
+ return self._image_check('profile_text')
+
+ def clean_signature(self):
+ return self._image_check('signature')
+
 class UploadAvatarForm(forms.Form):
 """Form used to change a user's avatar"""
diff -r 9afe0610aae5 -r 164a39d985ef bio/tests/test_forms.py
--- a/bio/tests/test_forms.py Fri Nov 27 15:44:06 2015 -0600
+++ b/bio/tests/test_forms.py Fri Nov 27 15:45:05 2015 -0600
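Review bot: `_image_check` has no docstring and its name is one underscore away from the imported `image_check` it wraps, so a reader has to open the body to learn that it returns the cleaned text unchanged and only raises when the rendered markup fails the check; add `"""Render the field's markup and raise ValidationError if image_check rejects an image in it; returns the original text."""`. Because the check lives only in this form's `clean_*` methods, any other path that writes `profile_text` or `signature` (admin, shell, a data import) is not covered — if this is meant as a site-wide rule, the model's `clean()` or the render path would be the stronger place to enforce it. The check also assumes `site_markup` produces the same HTML here as at render time; text stored before this change, or before any later markup change, is never re-validated. `str(ex)` is passed straight through to the user in the ValidationError, which is fine as long as `ImageCheckError` messages contain nothing beyond the offending URL — I can't see that class from here.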
@@ -26,3 +26,26 @@
 form = EditUserProfileForm({})
 self.assertTrue(form.is_valid())
+ def test_profile_text_good(self):
+ post_data = {'profile_text': "This is my profile, no images."}
+ form = EditUserProfileForm(post_data)
+ self.assertTrue(form.is_valid())
+
+ def test_profile_text_bad_image(self):
+ post_data = {
+ 'profile_text': "I'm cool. ![image](http://example.com/test.jpg)",
+ }
+ form = EditUserProfileForm(post_data)
+ self.assertFalse(form.is_valid())
+
+ def test_signature_good(self):
+ post_data = {'signature': "This is my signature, no images."}
+ form = EditUserProfileForm(post_data)
+ self.assertTrue(form.is_valid())
+
+ def test_signature_bad_image(self):
+ post_data = {
+ 'signature': "I'm cool. ![image](http://example.com/test.jpg)",
+ }
+ form = EditUserProfileForm(post_data)
+ self.assertFalse(form.is_valid())
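Review bot: The new tests pin only that an `http://` image is rejected and that text with no image passes, so an `image_check` that rejected every image would still pass this suite; the positive case the commit title implies — an `https://` image being accepted — is not exercised. Add e.g. `post_data = {'profile_text': "![image](https://example.com/test.jpg)"}` followed by `self.assertTrue(form.is_valid())`, assuming `image_check` does accept https, which I can't confirm from this diff. The failing cases would also be tighter with `self.assertIn('profile_text', form.errors)` (and `'signature'` in the other) so they fail for the image check rather than for some unrelated field error. The enclosing test class starts outside the hunk.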