Changed how the comment was encoded/read.

Fixed CSRF + Post with comment preview.
Merged with latest master
Emily O'Leary 2013-08-06 18:22:51 -04:00 committed by Rodney Ewing
parent 3cf4ae0c41
commit 3bd62dc4ca
3 changed files with 15 additions and 18 deletions

@ -18,21 +18,22 @@
var content="";
function previewComment(){
if ($('#comment_content').val() && (content != $('#comment_content').val())) {
content = $('#comment_content').val();
$.getJSON($('#previewURL').val(),JSON.stringify($('#comment_content').val()),
function(data){
$('#comment_preview').replaceWith("<div id=comment_preview><h3>{% trans -%}Comment Preview{%- endtrans %}</h3><br />" + decodeURIComponent(data) +
"<hr style='border: 1px solid #333;' /></div>");
});
}
if ($('#comment_content').val() && (content != $('#comment_content').val())) {
content = $('#comment_content').val();
$.post($('#previewURL').val(),$('#form_comment').serialize(),
function(data){
preview = JSON.parse(data)
$('#comment_preview').replaceWith("<div id=comment_preview><h3>" + $('#previewText').val() +"</h3><br />" + preview.content +
"<hr style='border: 1px solid #333;' /></div>");
});
}
}
$(document).ready(function(){
$('#form_comment').hide();
$('#button_addcomment').click(function(){
$(this).fadeOut('fast');
$('#form_comment').slideDown(function(){
setInterval("previewComment()",500);
setInterval("previewComment()",500);
$('#comment_content').focus();
});
});
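Review bot: The new success callback assigns `preview = JSON.parse(data)` without `var`, which creates an implicit global, and then concatenates `preview.content` straight into the markup handed to `replaceWith`. The preview's protection against script injection therefore rests entirely on the server's `cleaned_markdown_conversion` output, which deserves a comment such as `// preview.content is HTML already sanitized server-side; never insert raw comment text here`. I would change the assignment to `var preview = JSON.parse(data);`. The translated `$('#previewText').val()` string is inserted as HTML as well; setting the heading with `.text()` would keep a translation from being interpreted as markup.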

@ -108,6 +108,7 @@
{{ csrf_token }}
</div>
<input type="hidden" value="{{ request.urlgen('mediagoblin.user_pages.media_preview_comment') }}" id="previewURL" />
<input type="hidden" value="{% trans %}Comment Preview{% endtrans %}" id="previewText"/>
</form>
<div id="comment_preview"></div>
{% endif %}

@ -17,7 +17,6 @@
import logging
import datetime
import json
import urllib
from mediagoblin import messages, mg_globals
from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
@ -199,15 +198,11 @@ def media_post_comment(request, media):
def media_preview_comment(request):
"""Runs a comment through markdown so it can be previewed."""
comment = unicode(request.form['comment_content'])
cleancomment = { "content":cleaned_markdown_conversion(comment)}
comment = unicode(urllib.unquote(request.query_string).decode('string_escape'))
if comment.startswith('"') and comment.endswith('"'):
comment = comment[1:-1]
print comment
#decoderRing = json.JSONDecoder()
#comment = decoderRing.decode(request.query_string)
return Response(json.dumps(cleaned_markdown_conversion(comment)))
return Response(json.dumps(cleancomment))
@get_media_entry_by_id
@require_active_login
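Review bot: `Response(json.dumps(cleancomment))` sends the JSON body without an explicit content type, so it goes out under whatever default the `Response` class uses, even though the body carries HTML from `cleaned_markdown_conversion`. I would declare it with `return Response(json.dumps(cleancomment), mimetype='application/json')`; jQuery would then parse the reply itself, so the `JSON.parse(data)` call in the template callback has to be dropped in the same change. `request.form['comment_content']` also assumes the field is always present, and `request.form.get('comment_content', u'')` would handle a request without it explicitly. No login decorator is visible on `media_preview_comment` in this hunk, so it is worth confirming that anonymous previews are intended.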