Changes, tweaks and security fixes.
This commit is contained in:
commit
e7d407c19e
@ -88,5 +88,5 @@ class BlogController(BaseController):
|
||||
Session.add(post)
|
||||
Session.commit()
|
||||
h.flash.set_message(u'Successfully submitted your comment.', u'success')
|
||||
h.redirect_to(h.full_url(post))
|
||||
h.redirect_to(h.url_for_post(post))
|
||||
|
||||
|
@ -47,7 +47,8 @@ class PostController(BaseController):
|
||||
c.post = Session.query(Post).get(id)
|
||||
c.page_title = 'Edit Post: %s' % c.post.title
|
||||
return render(u'/post/edit.mako')
|
||||
|
||||
|
||||
@authenticate(u'Edit My Posts')
|
||||
def edit_POST(self, id=None):
|
||||
url = utils.generate_url(c.form_values[u'title'])
|
||||
if id is None:
|
||||
|
@ -78,10 +78,15 @@ def teaser(text, url):
|
||||
text = text[:position]
|
||||
return text
|
||||
|
||||
def full_url(post):
|
||||
return '/archive/%s/%s/%s/%s' % (str(post.created.strftime('%Y')), \
|
||||
str(post.created.strftime('%m')), \
|
||||
str(post.created.strftime('%d')), \
|
||||
str(post.url))
|
||||
def url_for_post(post):
|
||||
#TODO: this is hard coded.
|
||||
return url_for(
|
||||
controller='blog',
|
||||
action='view',
|
||||
year=post.created.strftime('%Y'),
|
||||
month=post.created.strftime('%m'),
|
||||
day=post.created.strftime('%d'),
|
||||
url=post.url
|
||||
)
|
||||
|
||||
flash = Flash()
|
||||
|
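Review bot: `url_for_post` has no docstring and its `#TODO: this is hard coded.` does not say what is hard-coded; a one-liner such as `"""Return the routed URL of *post* (blog/view, keyed by creation date and slug)."""` plus a comment naming the fixed `controller='blog', action='view'` pair as the thing to make configurable would make the TODO actionable. Since this commit points every caller at `url_for_post`, the string-built `full_url` left at the top of the hunk is now a second URL builder that formats `post.url` straight into the path without the encoding `url_for` applies; removing it, or making it return `url_for_post(post)`, keeps one code path. `teaser` begins outside the hunk.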
@ -3,7 +3,7 @@
|
||||
<h2 class="title">Log in</h2>
|
||||
<%include file="/flash.mako"/>
|
||||
<%include file="/errors.mako"/>
|
||||
<form id="post-new" action="${h.url_for('/admin/login')}" method="post">
|
||||
<form id="post-new" action="${h.url_for(controller='admin', action='login')}" method="post">
|
||||
<fieldset>
|
||||
<div class="form-item">
|
||||
<label for="login-email">E-mail:</label>
|
||||
|
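Review bot: The rewritten login form carries no anti-CSRF token in the lines shown — only the action changed — and the same holds for the Register form, the comment form (`url_for(controller='blog',action='comment', ...)`) and the edit-post form (`url_for(controller='post',action='edit', ...)`) in the later hunks on this page, the last two being the state-changing ones. Unless a hidden token field is emitted further down in each form, outside these hunks, a per-session token in the form plus a check in the corresponding POST handlers is the missing piece. Moving from path strings to `url_for(controller=..., action=...)` is otherwise the right direction, since the URLs now follow the route map instead of duplicating it. Each form continues past its hunk.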
@ -3,7 +3,7 @@
|
||||
<h2 class="title">Register</h2>
|
||||
<%include file="/flash.mako"/>
|
||||
<%include file="/errors.mako"/>
|
||||
<form id="post-new" action="${h.url_for('/admin/register')}" method="post">
|
||||
<form id="post-new" action="${h.url_for(controller='admin', action='register')}" method="post">
|
||||
<fieldset>
|
||||
<div class="form-item">
|
||||
<label for="register-nick">Nick:</label>
|
||||
|
@ -6,7 +6,7 @@
|
||||
<title>${c.page_title}</title>
|
||||
<meta name="keywords" content="" />
|
||||
<meta name="description" content="" />
|
||||
<link href="/styles/style.css" rel="stylesheet" type="text/css" media="screen" />
|
||||
<link href="${h.url_for('/styles/style.css')}" rel="stylesheet" type="text/css" media="screen" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="header">
|
||||
@ -20,9 +20,10 @@
|
||||
<li><a href="${page.url}">${page.name}</a></li>
|
||||
% endfor
|
||||
% if c.current_user:
|
||||
<li><a href="${h.url_for('/admin/logout')}">Logout</a></li>
|
||||
<li><a href="${h.url_for(controller='post',action='new')}">New Post</a></li>
|
||||
<li><a href="${h.url_for(controller='admin',action='logout')}">Logout</a></li>
|
||||
% else:
|
||||
<li><a href="${h.url_for('/admin/login')}">Login</a></li>
|
||||
<li><a href="${h.url_for(controller='admin',action='login')}">Login</a></li>
|
||||
% endif
|
||||
</ul>
|
||||
</div>
|
||||
|
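Review bot: The Logout entry is a plain GET link (`url_for(controller='admin',action='logout')`), so a session-ending action is triggered by any navigation to that URL, including one a third-party page embeds; the "Logout »" anchor in the comment-form hunk later on this page has the same shape. A small POST form, or a link carrying a token the logout action checks, is the usual fix for state-changing actions. `${page.url}` and `${page.name}` on the first line rely on whatever default filters the Mako environment applies, which this hunk does not show — confirm HTML escaping is enabled there.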
@ -2,19 +2,19 @@
|
||||
<%include file="/flash.mako"/>
|
||||
% for post in c.posts:
|
||||
<div class="post">
|
||||
<h2 class="title"><a href="${h.full_url(post)}">${post.title}</a></h2>
|
||||
<h2 class="title"><a href="${h.url_for_post(post)}">${post.title}</a></h2>
|
||||
<div class="entry">
|
||||
${h.literal(h.teaser(post.body, h.full_url(post)))}
|
||||
${h.literal(h.teaser(post.body, h.url_for_post(post)))}
|
||||
</div>
|
||||
<p class="meta">
|
||||
<span class="byline">Posted by ${post.user.nick} on ${post.created.strftime('%B %d, %Y')}</span>
|
||||
<a href="${h.full_url(post)}" class="read-more">Read more</a>
|
||||
<a href="${h.url_for_post(post)}" class="read-more">Read more</a>
|
||||
% if len(post.comments) == 0:
|
||||
<a href="${h.full_url(post)}#comments" class="comments">No comments</a>
|
||||
<a href="${h.url_for_post(post)}#comments" class="comments">No comments</a>
|
||||
% elif len(post.comments) == 1:
|
||||
<a href="${h.full_url(post)}#comments" class="comments">1 comment</a>
|
||||
<a href="${h.url_for_post(post)}#comments" class="comments">1 comment</a>
|
||||
% else:
|
||||
<a href="${h.full_url(post)}#comments" class="comments">${len(post.comments)} comments</a>
|
||||
<a href="${h.url_for_post(post)}#comments" class="comments">${len(post.comments)} comments</a>
|
||||
% endif
|
||||
</p>
|
||||
</div>
|
||||
|
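Review bot: `h.literal(h.teaser(post.body, h.url_for_post(post)))` marks the truncated body as safe HTML, while `teaser` (see the helpers hunk, which slices with `text[:position]`) cuts at a character offset, so a body that contains markup can be cut inside a tag or left with unclosed elements that then swallow the rest of the listing. If bodies can be written by anyone other than a fully trusted admin, the `literal` also means any markup in a body is rendered as-is on the index. Stripping tags in `teaser` before truncating, or truncating a plain-text copy and reserving `literal` for the full view, avoids both problems. The three comment-count branches below could also share one `${len(post.comments)}` expression with a conditional suffix, but that is style only.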
@ -1,8 +1,8 @@
|
||||
<div class="post">
|
||||
<%include file="/flash.mako"/>
|
||||
<h2 class="title"><a href="${h.url_for(year=post.created.strftime('%Y'), month=post.created.strftime('%m'), day=post.created.strftime('%d'), url=post.url)}">${post.title}</a></h2>
|
||||
<h2 class="title"><a href="${h.url_for_post(post)}">${post.title}</a></h2>
|
||||
<div class="entry">
|
||||
${h.literal(post.body)}
|
||||
</div>
|
||||
<p class="meta"><span class="byline">Posted by ${post.user.first_name} on ${post.created.strftime('%B %d, %Y')}</span> <a href="${h.url_for(year=post.created.strftime('%Y'), month=post.created.strftime('%m'), day=post.created.strftime('%d'), url=post.url)}#comments" class="comments">18 comments</a></p>
|
||||
<p class="meta"><span class="byline">Posted by ${post.user.first_name} on ${post.created.strftime('%B %d, %Y')}</span> <a href="${h.url_for_post(post)}#comments" class="comments">18 comments</a></p>
|
||||
</div>
|
||||
|
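Review bot: The rewritten comments link still reads `18 comments` as a literal, so every post shows the same count; the index hunk on this page computes it with `${len(post.comments)} comments`, and the same expression (or its zero/one/many branches) belongs here. The one-line replacement is `<a href="${h.url_for_post(post)}#comments" class="comments">${len(post.comments)} comments</a>`. This template uses `post` directly while the comment-form hunk uses `c.post`; that is presumably a partial receiving `post` as an argument, but worth confirming since a missing name only fails at render time.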
@ -38,10 +38,10 @@
|
||||
% if c.post.comment_status == u'open':
|
||||
<h3 id="respond">Leave a Reply</h3>
|
||||
% if not c.current_user:
|
||||
<p>You must be <a href="${h.url_for('/admin/login')}">logged in</a> to post a comment.</p>
|
||||
<p>You must be <a href="${h.url_for(controller='admin', action='login')}">logged in</a> to post a comment.</p>
|
||||
% else:
|
||||
<form action="${h.url_for('/blog/comment/%s' % c.post.id)}" method="post" id="commentform">
|
||||
<p class="user-details">Logged in as <em>${c.current_user.nick}</em>. <a href="/logout" title="Log out of this account">Logout »</a></p>
|
||||
<form action="${h.url_for(controller='blog',action='comment', id= c.post.id)}" method="post" id="commentform">
|
||||
<p class="user-details">Logged in as <em>${c.current_user.nick}</em>. <a href="${h.url_for(controller='admin',action='logout')}" title="Log out of this account">Logout »</a></p>
|
||||
<p><input type="text" name="title" class="form-text" value="RE: ${c.post.title}" /></p>
|
||||
<p><textarea name="body" class="form-textarea" cols="80" rows="10" tabindex="4"></textarea></p>
|
||||
<p>
|
||||
|
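Review bot: `id= c.post.id` in the new form action has a stray space after `=`, unlike every other `url_for` keyword call in this commit; `id=c.post.id` matches them. Two lines down, `value="RE: ${c.post.title}"` interpolates the title inside an attribute value, which is only safe if the Mako default filters HTML-escape expressions — not visible from this hunk, so confirm rather than assume. The form continues past the hunk.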
@ -3,7 +3,7 @@
|
||||
<h2 class="title">Edit Post: ${c.post.title}</h2>
|
||||
<%include file="/flash.mako"/>
|
||||
<%include file="/errors.mako"/>
|
||||
<form id="post-new" action="${h.url_for('/post/edit/%s' % str(c.post.id))}" method="post">
|
||||
<form id="post-new" action="${h.url_for(controller='post',action='edit', id=c.post.id)}" method="post">
|
||||
<fieldset>
|
||||
<div class="form-item">
|
||||
<!-- <label for="post-title">Title:</label> -->
|
||||
|
@ -20,7 +20,7 @@
|
||||
<h2>Categories</h2>
|
||||
<ul>
|
||||
% for category in c.categories:
|
||||
<li><a href="${h.url_for('/category/%s' % str(category.url))}" title="${category.name}">${category.name}</a> (${len(category.posts)}) </li>
|
||||
<li><a href="${h.url_for(controller='category', action=category.url)}" title="${category.name}">${category.name}</a> (${len(category.posts)}) </li>
|
||||
% endfor
|
||||
</ul>
|
||||
</li>
|
||||
|
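Review bot: `url_for(controller='category', action=category.url)` passes the category slug as the route's *action*, so unless the route map captures `/category/{action}` into a parameter rather than dispatching to a controller method of that name, the slug becomes the handler name instead of data. A dedicated route with a named variable, along the lines of `url_for(controller='category', action='view', url=category.url)`, keeps the slug as a value and matches the `url=post.url` style `url_for_post` uses. The route map is not on this page, so this is a point to confirm rather than a certain defect; the `% for` loop closes inside the hunk but the enclosing list item does not.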