changeset 1012:fc528d4509b0

Prevent mixed content in UserProfiles. Modified sslimages to update UserProfiles. Added another command to check/re-save UserProfiles.
author Brian Neal <bgneal@gmail.com>
date Fri, 27 Nov 2015 16:56:33 -0600
parents 164a39d985ef
children c6bd7308de49
files bio/management/commands/bio_image_check.py core/management/commands/ssl_images.py
diffstat 2 files changed, 61 insertions(+), 3 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/bio/management/commands/bio_image_check.py	Fri Nov 27 16:56:33 2015 -0600
@@ -0,0 +1,51 @@
+"""bio_image_check
+
+A management command to check profiles for non-secure images.
+"""
+from optparse import make_option
+
+from django.core.management.base import NoArgsCommand
+
+from bio.models import UserProfile
+from core.html import image_check
+from core.html import ImageCheckError
+
+
+def _image_check(html):
+    try:
+        image_check(html)
+    except ImageCheckError:
+        return False
+    return True
+
+
+class Command(NoArgsCommand):
+    help = "Checks user profiles for non-secure images"
+    option_list = NoArgsCommand.option_list + (
+            make_option('--resave',
+                action='store_true',
+                dest='resave',
+                default=False,
+                help='Re-save profile if issue found'),
+    )
+
+    def handle_noargs(self, **options):
+
+        resave = options.get('resave', False)
+
+        count = 0
+        for p in UserProfile.objects.iterator():
+            issue_found = False
+            if p.profile_html and not _image_check(p.profile_html):
+                self.stdout.write("%s: profile_text\n" % p.user.username)
+                count += 1
+                issue_found = True
+            if p.signature_html and not _image_check(p.signature_html):
+                self.stdout.write("%s: signature\n" % p.user.username)
+                count += 1
+                issue_found = True
+
+            if issue_found and resave:
+                p.save(content_update=True)
+
+        self.stdout.write("%d problem field(s) found\n" % count)
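Review bot: With `--resave`, nothing confirms that `p.save(content_update=True)` actually cleared the problem, so a profile whose stored markup still fails the image check is reported once and then treated as handled. Whether that save re-renders `profile_html` and `signature_html` on the instance is not visible in this hunk; if it does, re-run the check after saving and report leftovers, e.g. `if not all(_image_check(h) for h in (p.profile_html, p.signature_html) if h): self.stdout.write("%s: still failing after re-save\n" % p.user.username)`. `_image_check` and `handle_noargs` also lack docstrings: one line each, stating that `_image_check` returns False when `image_check` raises `ImageCheckError` and that the final count is of fields rather than profiles, would be enough.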
--- a/core/management/commands/ssl_images.py	Fri Nov 27 15:45:05 2015 -0600
+++ b/core/management/commands/ssl_images.py	Fri Nov 27 16:56:33 2015 -0600
@@ -25,6 +25,7 @@
 from PIL import Image
 import requests
 
+from bio.models import UserProfile
 from comments.models import Comment
 from forums.models import Post
 from core.download import download_file
@@ -43,7 +44,7 @@
 
 SG101_HOSTS = set(['www.surfguitar101.com', 'surfguitar101.com'])
 WHITELIST_HOSTS = set(settings.USER_IMAGES_SOURCES)
-MODEL_CHOICES = ['comments', 'posts', 'news']
+MODEL_CHOICES = ['comments', 'posts', 'news', 'profiles']
 
 PHOTO_MAX_SIZE = (660, 720)
 PHOTO_BASE_URL = settings.HOT_LINK_PHOTOS_BASE_URL
@@ -328,6 +329,7 @@
         if options['model'] not in MODEL_CHOICES:
             raise CommandError('Please choose a --model option')
 
+        save_kwargs = {}
         if options['model'] == 'comments':
             qs = Comment.objects.all()
             text_attrs = ['comment']
@@ -336,6 +338,11 @@
             qs = Post.objects.all()
             text_attrs = ['body']
             model_name = 'Post'
+        elif options['model'] == 'profiles':
+            qs = UserProfile.objects.all()
+            text_attrs = ['profile_text', 'signature']
+            model_name = 'UserProfile'
+            save_kwargs = {'content_update': True}
         else:
             qs = Story.objects.all()
             text_attrs = ['short_text', 'long_text']
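Review bot: The `save_kwargs = {'content_update': True}` line in the new `profiles` branch needs a comment saying why only this model passes an extra argument to `save()`. From the two call sites in this changeset it looks like `UserProfile.save()` regenerates the rendered HTML only when `content_update` is set, but that method is not shown here, so confirm before wording it; something like `# UserProfile.save() re-renders the HTML fields only when content_update=True`. The enclosing method starts and ends outside the hunk.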
@@ -403,7 +410,7 @@
                     logger.debug(u"changed:  %s", new_txt)
                     setattr(model, text_attr, new_txt)
                     save_flag = True
-                elif not html_based and html_check(model.html):
+                elif not html_based and hasattr(model, 'html') and html_check(model.html):
                     # Check for content generated with older smiley code that used
                     # absolute URLs for the smiley images. If True, then just save
                     # the model again to force updated HTML to be created.
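Review bot: The `hasattr(model, 'html')` guard makes the stale-HTML check a silent no-op for profiles, so with `--model profiles` a profile whose markup is unchanged but whose rendered HTML would still fail `html_check` is never re-saved by this command. The new bio_image_check command reads `profile_html` and `signature_html`, which suggests UserProfile has no `html` attribute and that `bio_image_check --resave` is the intended path for that case. Say so in the existing comment, e.g. `# UserProfile has no 'html' attribute; stale profile HTML is handled by bio_image_check --resave`, so an operator does not read a clean ssl_images run as proof that profiles are free of mixed content. The loop this branch belongs to starts and ends outside the hunk.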
@@ -411,7 +418,7 @@
                     save_flag = True
 
             if save_flag:
-                model.save()
+                model.save(**save_kwargs)
             count += 1
 
         time_finished = datetime.datetime.now()