Changed how the comment was encoded/read.

Fixed CSRF + Post with comment preview. Merged with latest master
2013-08-06 18:22:51 -04:00 · 2013-08-06 18:22:51 -04:00 · 3bd62dc4ca
commit 3bd62dc4ca
parent 3cf4ae0c41
3 changed files with 15 additions and 18 deletions
--- a/mediagoblin/static/js/comment_show.js
+++ b/mediagoblin/static/js/comment_show.js
@ -18,21 +18,22 @@
 var content="";

 function previewComment(){
-	if ($('#comment_content').val() && (content != $('#comment_content').val())) {
-		content = $('#comment_content').val();
-		$.getJSON($('#previewURL').val(),JSON.stringify($('#comment_content').val()),
-		function(data){
-			$('#comment_preview').replaceWith("<div id=comment_preview><h3>{% trans -%}Comment Preview{%- endtrans %}</h3><br />" + decodeURIComponent(data) + 
-			"<hr style='border: 1px solid #333;' /></div>");
-		});
-	}
+    if ($('#comment_content').val() && (content != $('#comment_content').val())) {
+        content = $('#comment_content').val();
+        $.post($('#previewURL').val(),$('#form_comment').serialize(),
+        function(data){
+            preview = JSON.parse(data)
+            $('#comment_preview').replaceWith("<div id=comment_preview><h3>" + $('#previewText').val() +"</h3><br />" + preview.content + 
+            "<hr style='border: 1px solid #333;' /></div>");
+        });
+    }
 }
 $(document).ready(function(){
  $('#form_comment').hide();
  $('#button_addcomment').click(function(){
    $(this).fadeOut('fast');
    $('#form_comment').slideDown(function(){
-	setInterval("previewComment()",500);
+    setInterval("previewComment()",500);
        $('#comment_content').focus();
    });
  });
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@ -108,6 +108,7 @@
              {{ csrf_token }}
          </div>
          <input type="hidden" value="{{ request.urlgen('mediagoblin.user_pages.media_preview_comment') }}" id="previewURL" />
+          <input type="hidden" value="{% trans %}Comment Preview{% endtrans %}" id="previewText"/>
        </form>
 	<div id="comment_preview"></div>
      {% endif %}
--- a/mediagoblin/user_pages/views.py
+++ b/mediagoblin/user_pages/views.py
@ -17,7 +17,6 @@
 import logging
 import datetime
 import json
-import urllib

 from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
@ -199,15 +198,11 @@ def media_post_comment(request, media):


 def media_preview_comment(request):
+    """Runs a comment through markdown so it can be previewed."""
+    comment = unicode(request.form['comment_content'])
+    cleancomment = { "content":cleaned_markdown_conversion(comment)}

-    comment = unicode(urllib.unquote(request.query_string).decode('string_escape'))
-    if comment.startswith('"') and comment.endswith('"'):
-        comment = comment[1:-1]
-    print comment
-    #decoderRing = json.JSONDecoder()
-   #comment = decoderRing.decode(request.query_string)
-
-    return Response(json.dumps(cleaned_markdown_conversion(comment)))
+    return Response(json.dumps(cleancomment))

@get_media_entry_by_id
@require_active_login