Changes, tweaks and security fixes.

This commit is contained in:
David Rubin 2010-01-19 22:35:05 +02:00 committed by Raoul Snyman
commit e7d407c19e
11 changed files with 32 additions and 25 deletions


@ -88,5 +88,5 @@ class BlogController(BaseController):
Session.add(post)
Session.commit()
h.flash.set_message(u'Successfully submitted your comment.', u'success')
h.redirect_to(h.full_url(post))
h.redirect_to(h.url_for_post(post))


@ -47,7 +47,8 @@ class PostController(BaseController):
c.post = Session.query(Post).get(id)
c.page_title = 'Edit Post: %s' % c.post.title
return render(u'/post/edit.mako')
@authenticate(u'Edit My Posts')
def edit_POST(self, id=None):
url = utils.generate_url(c.form_values[u'title'])
if id is None:


@ -78,10 +78,15 @@ def teaser(text, url):
text = text[:position]
return text
def full_url(post):
return '/archive/%s/%s/%s/%s' % (str(post.created.strftime('%Y')), \
str(post.created.strftime('%m')), \
str(post.created.strftime('%d')), \
str(post.url))
def url_for_post(post):
#TODO: this is hard coded.
return url_for(
controller='blog',
action='view',
year=post.created.strftime('%Y'),
month=post.created.strftime('%m'),
day=post.created.strftime('%d'),
url=post.url
)
flash = Flash()
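Review bot: `url_for_post` has no docstring and its `#TODO: this is hard coded.` does not say what is hard-coded; add `"""Return the URL of *post*'s view page via the named blog route."""` and reword the TODO to `# TODO: controller/action names are hard-coded here; keep in sync with the blog view route`. Whether `full_url` was removed in this hunk is not visible; if it survives next to `url_for_post` the two will silently disagree as soon as the route changes, so it should be dropped once the callers migrated in this commit are the only ones left. Using `url_for` with named parameters is the right direction because it lets the routing layer encode `post.url` instead of splicing it into a path string.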


@ -3,7 +3,7 @@
<h2 class="title">Log in</h2>
<%include file="/flash.mako"/>
<%include file="/errors.mako"/>
<form id="post-new" action="${h.url_for('/admin/login')}" method="post">
<form id="post-new" action="${h.url_for(controller='admin', action='login')}" method="post">
<fieldset>
<div class="form-item">
<label for="login-email">E-mail:</label>


@ -3,7 +3,7 @@
<h2 class="title">Register</h2>
<%include file="/flash.mako"/>
<%include file="/errors.mako"/>
<form id="post-new" action="${h.url_for('/admin/register')}" method="post">
<form id="post-new" action="${h.url_for(controller='admin', action='register')}" method="post">
<fieldset>
<div class="form-item">
<label for="register-nick">Nick:</label>


@ -6,7 +6,7 @@
<title>${c.page_title}</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="/styles/style.css" rel="stylesheet" type="text/css" media="screen" />
<link href="${h.url_for('/styles/style.css')}" rel="stylesheet" type="text/css" media="screen" />
</head>
<body>
<div id="header">
@ -20,9 +20,10 @@
<li><a href="${page.url}">${page.name}</a></li>
% endfor
% if c.current_user:
<li><a href="${h.url_for('/admin/logout')}">Logout</a></li>
<li><a href="${h.url_for(controller='post',action='new')}">New Post</a></li>
<li><a href="${h.url_for(controller='admin',action='logout')}">Logout</a></li>
% else:
<li><a href="${h.url_for('/admin/login')}">Login</a></li>
<li><a href="${h.url_for(controller='admin',action='login')}">Login</a></li>
% endif
</ul>
</div>
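Review bot: The added `New Post` menu item (`controller='post',action='new'`) is rendered for every `c.current_user`, while this same commit gates `edit_POST` on a named permission; the link is only a convenience, so the `post/new` handlers must enforce their own `@authenticate(...)` server-side (not visible here) rather than rely on the menu hiding the entry. If the menu should also reflect authorization, wrap the `<li>` in the same permission test the controller uses so the two cannot drift.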


@ -2,19 +2,19 @@
<%include file="/flash.mako"/>
% for post in c.posts:
<div class="post">
<h2 class="title"><a href="${h.full_url(post)}">${post.title}</a></h2>
<h2 class="title"><a href="${h.url_for_post(post)}">${post.title}</a></h2>
<div class="entry">
${h.literal(h.teaser(post.body, h.full_url(post)))}
${h.literal(h.teaser(post.body, h.url_for_post(post)))}
</div>
<p class="meta">
<span class="byline">Posted by ${post.user.nick} on ${post.created.strftime('%B %d, %Y')}</span>
<a href="${h.full_url(post)}" class="read-more">Read more</a>
<a href="${h.url_for_post(post)}" class="read-more">Read more</a>
% if len(post.comments) == 0:
<a href="${h.full_url(post)}#comments" class="comments">No comments</a>
<a href="${h.url_for_post(post)}#comments" class="comments">No comments</a>
% elif len(post.comments) == 1:
<a href="${h.full_url(post)}#comments" class="comments">1 comment</a>
<a href="${h.url_for_post(post)}#comments" class="comments">1 comment</a>
% else:
<a href="${h.full_url(post)}#comments" class="comments">${len(post.comments)} comments</a>
<a href="${h.url_for_post(post)}#comments" class="comments">${len(post.comments)} comments</a>
% endif
</p>
</div>
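Review bot: On the rewritten line `${h.literal(h.teaser(post.body, h.url_for_post(post)))}` the generated URL is now part of the string that `h.literal` marks as safe, so it bypasses Mako's escaping together with `post.body`; this relies on `url_for` percent-encoding `post.url` and on `post.body` having been sanitized before storage, neither of which is visible in the hunk. Consider having `teaser` return only the trimmed body and emitting the "read more" link from the template, so that only the body is ever marked literal. As a point of style, the three `#comments` anchors that differ only in their label could be collapsed into one anchor with a computed label, which also removes three of the `url_for_post` calls.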


@ -1,8 +1,8 @@
<div class="post">
<%include file="/flash.mako"/>
<h2 class="title"><a href="${h.url_for(year=post.created.strftime('%Y'), month=post.created.strftime('%m'), day=post.created.strftime('%d'), url=post.url)}">${post.title}</a></h2>
<h2 class="title"><a href="${h.url_for_post(post)}">${post.title}</a></h2>
<div class="entry">
${h.literal(post.body)}
</div>
<p class="meta"><span class="byline">Posted by ${post.user.first_name} on ${post.created.strftime('%B %d, %Y')}</span> <a href="${h.url_for(year=post.created.strftime('%Y'), month=post.created.strftime('%m'), day=post.created.strftime('%d'), url=post.url)}#comments" class="comments">18 comments</a></p>
<p class="meta"><span class="byline">Posted by ${post.user.first_name} on ${post.created.strftime('%B %d, %Y')}</span> <a href="${h.url_for_post(post)}#comments" class="comments">18 comments</a></p>
</div>
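Review bot: The rewritten meta line still carries the hard-coded label `18 comments` while index.mako computes it from `len(post.comments)`; since the line is being rewritten anyway, use `${len(post.comments)} comments` here too. The same line shows `post.user.first_name` where index.mako shows `post.user.nick`, so the byline differs between the list and the single view; pick one.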


@ -38,10 +38,10 @@
% if c.post.comment_status == u'open':
<h3 id="respond">Leave a Reply</h3>
% if not c.current_user:
<p>You must be <a href="${h.url_for('/admin/login')}">logged in</a> to post a comment.</p>
<p>You must be <a href="${h.url_for(controller='admin', action='login')}">logged in</a> to post a comment.</p>
% else:
<form action="${h.url_for('/blog/comment/%s' % c.post.id)}" method="post" id="commentform">
<p class="user-details">Logged in as <em>${c.current_user.nick}</em>. <a href="/logout" title="Log out of this account">Logout &raquo;</a></p>
<form action="${h.url_for(controller='blog',action='comment', id= c.post.id)}" method="post" id="commentform">
<p class="user-details">Logged in as <em>${c.current_user.nick}</em>. <a href="${h.url_for(controller='admin',action='logout')}" title="Log out of this account">Logout &raquo;</a></p>
<p><input type="text" name="title" class="form-text" value="RE: ${c.post.title}" /></p>
<p><textarea name="body" class="form-textarea" cols="80" rows="10" tabindex="4"></textarea></p>
<p>
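Review bot: The rebuilt comment form at `h.url_for(controller='blog',action='comment', id= c.post.id)` is an authenticated POST with only `title` and `body` inputs and no anti-CSRF token visible in the hunk; unless one is added in the part of the form below the hunk, a logged-in user's browser can be made to submit it from another origin. Add a hidden per-session token field and have the `comment` action verify it before `Session.add`. Minor style on the same line: `id= c.post.id` should be `id=c.post.id` to match the other `url_for` calls in this commit. The form continues outside the hunk.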


@ -3,7 +3,7 @@
<h2 class="title">Edit Post: ${c.post.title}</h2>
<%include file="/flash.mako"/>
<%include file="/errors.mako"/>
<form id="post-new" action="${h.url_for('/post/edit/%s' % str(c.post.id))}" method="post">
<form id="post-new" action="${h.url_for(controller='post',action='edit', id=c.post.id)}" method="post">
<fieldset>
<div class="form-item">
<!-- <label for="post-title">Title:</label> -->


@ -20,7 +20,7 @@
<h2>Categories</h2>
<ul>
% for category in c.categories:
<li><a href="${h.url_for('/category/%s' % str(category.url))}" title="${category.name}">${category.name}</a> (${len(category.posts)}) </li>
<li><a href="${h.url_for(controller='category', action=category.url)}" title="${category.name}">${category.name}</a> (${len(category.posts)}) </li>
% endfor
</ul>
</li>
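Review bot: `h.url_for(controller='category', action=category.url)` passes a data value (the category slug) as the routing `action`, which is normally the name of a controller method; a slug that happens to coincide with another method name on `CategoryController`, or with a default action, would dispatch to that method instead of the category view. Mirror `url_for_post` and give the slug its own route variable, e.g. `h.url_for(controller='category', action='view', url=category.url)`, with a matching route definition.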