heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed how the comment was encoded/read.

Browse Source 
Fixed CSRF + Post with comment preview.
Merged with latest master
This commit is contained in:
Emily O'Leary 2013-08-06 18:22:51 -04:00 committed by Rodney Ewing
parent 3cf4ae0c41
commit 3bd62dc4ca
3 changed files with 15 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mediagoblin/static/js/comment_show.js
View File

@ -20,9 +20,10 @@ var content="";
function previewComment(){ function previewComment(){
if ($('#comment_content').val() && (content != $('#comment_content').val())) { if ($('#comment_content').val() && (content != $('#comment_content').val())) {
content = $('#comment_content').val(); content = $('#comment_content').val();
$.getJSON($('#previewURL').val(),JSON.stringify($('#comment_content').val()), $.post($('#previewURL').val(),$('#form_comment').serialize(),
function(data){ function(data){
$('#comment_preview').replaceWith("<div id=comment_preview><h3>{% trans -%}Comment Preview{%- endtrans %}</h3><br />" + decodeURIComponent(data) + preview = JSON.parse(data)
$('#comment_preview').replaceWith("<div id=comment_preview><h3>" + $('#previewText').val() +"</h3><br />" + preview.content +
"<hr style='border: 1px solid #333;' /></div>"); "<hr style='border: 1px solid #333;' /></div>");
}); });
} }

1
mediagoblin/templates/mediagoblin/user_pages/media.html
View File

@ -108,6 +108,7 @@
{{ csrf_token }} {{ csrf_token }}
</div> </div>
<input type="hidden" value="{{ request.urlgen('mediagoblin.user_pages.media_preview_comment') }}" id="previewURL" /> <input type="hidden" value="{{ request.urlgen('mediagoblin.user_pages.media_preview_comment') }}" id="previewURL" />
<input type="hidden" value="{% trans %}Comment Preview{% endtrans %}" id="previewText"/>
</form> </form>
<div id="comment_preview"></div> <div id="comment_preview"></div>
{% endif %} {% endif %}

13
mediagoblin/user_pages/views.py
View File

@ -17,7 +17,6 @@
import logging import logging
import datetime import datetime
import json import json
import urllib
from mediagoblin import messages, mg_globals from mediagoblin import messages, mg_globals
from mediagoblin.db.models import (MediaEntry, MediaTag, Collection, from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
@ -199,15 +198,11 @@ def media_post_comment(request, media):
def media_preview_comment(request): def media_preview_comment(request):
"""Runs a comment through markdown so it can be previewed."""
comment = unicode(request.form['comment_content'])
cleancomment = { "content":cleaned_markdown_conversion(comment)}
comment = unicode(urllib.unquote(request.query_string).decode('string_escape')) return Response(json.dumps(cleancomment))
if comment.startswith('"') and comment.endswith('"'):
comment = comment[1:-1]
print comment
#decoderRing = json.JSONDecoder()
#comment = decoderRing.decode(request.query_string)
return Response(json.dumps(cleaned_markdown_conversion(comment)))
@get_media_entry_by_id @get_media_entry_by_id
@require_active_login @require_active_login