# HG changeset patch # User Brian Neal # Date 1449717364 21600 # Node ID 82f1f6f905eba5e7bc2abba4b223fa2e00a36d8d # Parent 68c3343f3318bf4d96592f05a7e04fe6163572b9 Perform image_check on private messages. diff -r 68c3343f3318 -r 82f1f6f905eb messages/forms.py --- a/messages/forms.py Tue Dec 08 21:39:19 2015 -0600 +++ b/messages/forms.py Wed Dec 09 21:16:04 2015 -0600 @@ -10,6 +10,9 @@ from django.template.loader import render_to_string from core.functions import send_mail +from core.html import ImageCheckError +from core.html import image_check +from core.markup import site_markup from core.widgets import AutoCompleteUserInput import messages from messages.models import Flag, Message, Options @@ -48,9 +51,20 @@ return receiver def clean_message(self): - msg = self.cleaned_data['message'] + msg = self.cleaned_data['message'].strip() if len(msg) > MESSAGE_MAX: raise forms.ValidationError("Your message is too long. Please trim some text.") + + self.html = None + if not msg: + raise forms.ValidationError("Please enter a message.") + + self.html = site_markup(msg) + try: + image_check(self.html) + except ImageCheckError as ex: + raise forms.ValidationError(str(ex)) + return msg def clean(self): @@ -89,7 +103,7 @@ message=message, signature_attached=attach_signature, ) - new_msg.save() + new_msg.save(html=self.html) # Update the parent message (if there is one) parent_id = self.cleaned_data['parent_id'] diff -r 68c3343f3318 -r 82f1f6f905eb messages/models.py --- a/messages/models.py Tue Dec 08 21:39:19 2015 -0600 +++ b/messages/models.py Wed Dec 09 21:16:04 2015 -0600 @@ -64,7 +64,10 @@ def save(self, *args, **kwargs): if not self.id: self.send_date = datetime.datetime.now() - self.html = site_markup(self.message) + + self.html = kwargs.pop('html', None) + if not self.html and self.message: + self.html = site_markup(self.message) super(Message, self).save(*args, **kwargs) def __unicode__(self): diff -r 68c3343f3318 -r 82f1f6f905eb messages/tests/test_forms.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/messages/tests/test_forms.py Wed Dec 09 21:16:04 2015 -0600 @@ -0,0 +1,21 @@ +"""Unit tests for the messages application forms.""" + +from django.contrib.auth.models import User +from django.test import TestCase + +from messages.forms import ComposeForm + + +class ComposeFormTestCase(TestCase): + fixtures = ['messages_test_users.json'] + + def test_unsafe_image(self): + data = { + 'receiver': 'pj', + 'subject': 'Test subject', + 'message': 'Hi ![image](http:example.com/a.jpg)', + } + user = User.objects.get(username='eddie') + f = ComposeForm(user, data) + self.assertFalse(f.is_valid()) +