~ubuntu-branches/ubuntu/quantal/python-django/quantal-security


Viewing changes to django/contrib/comments/views/comments.py

  • Committer: Bazaar Package Importer
  • Author(s): Chris Lamb
  • Date: 2010-05-21 07:52:55 UTC
  • mfrom: (1.3.6 upstream)
  • mto: This revision was merged to the branch mainline in revision 28.
  • Revision ID: james.westby@ubuntu.com-20100521075255-ii78v1dyfmyu3uzx
Tags: upstream-1.2
Import upstream version 1.2

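--- a/django/contrib/comments/views/comments.py
+++ b/django/contrib/comments/views/comments.py
@@ -1,7 +1,7 @@
 from django import http
 from django.conf import settings
 from utils import next_redirect, confirmation_view
-from django.core.exceptions import ObjectDoesNotExist
+from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.db import models
 from django.shortcuts import render_to_response
 from django.template import RequestContext
@@ -10,6 +10,7 @@
 from django.views.decorators.http import require_POST
 from django.contrib import comments
 from django.contrib.comments import signals
+from django.views.decorators.csrf import csrf_protect
 
 class CommentPostBadRequest(http.HttpResponseBadRequest):
     """
@@ -22,7 +23,9 @@
         if settings.DEBUG:
             self.content = render_to_string("comments/400-debug.html", {"why": why})
 
-def post_comment(request, next=None):
+@csrf_protect
+@require_POST
+def post_comment(request, next=None, using=None):
     """
     Post a comment.
 
@@ -47,7 +50,7 @@
         return CommentPostBadRequest("Missing content_type or object_pk field.")
     try:
         model = models.get_model(*ctype.split(".", 1))
-        target = model._default_manager.get(pk=object_pk)
+        target = model._default_manager.using(using).get(pk=object_pk)
     except TypeError:
         return CommentPostBadRequest(
             "Invalid content_type value: %r" % escape(ctype))
@@ -59,6 +62,10 @@
         return CommentPostBadRequest(
             "No object matching content-type %r and object PK %r exists." % \
                 (escape(ctype), escape(object_pk)))
+    except (ValueError, ValidationError), e:
+        return CommentPostBadRequest(
+            "Attempting go get content-type %r and object PK %r exists raised %s" % \
+                (escape(ctype), escape(object_pk), e.__class__.__name__))
 
     # Do we want to preview the comment?
     preview = "preview" in data
@@ -75,8 +82,14 @@
     # If there are errors or if we requested a preview show the comment
     if form.errors or preview:
         template_list = [
-            "comments/%s_%s_preview.html" % tuple(str(model._meta).split(".")),
+            # These first two exist for purely historical reasons.
+            # Django v1.0 and v1.1 allowed the underscore format for
+            # preview templates, so we have to preserve that format.
+            "comments/%s_%s_preview.html" % (model._meta.app_label, model._meta.module_name),
             "comments/%s_preview.html" % model._meta.app_label,
+            # Now the usual directory based template heirarchy.
+            "comments/%s/%s/preview.html" % (model._meta.app_label, model._meta.module_name),
+            "comments/%s/preview.html" % model._meta.app_label,
             "comments/preview.html",
         ]
         return render_to_response(
@@ -116,8 +129,6 @@
 
     return next_redirect(data, next, comment_done, c=comment._get_pk_val())
 
-post_comment = require_POST(post_comment)
-
 comment_done = confirmation_view(
     template = "comments/posted.html",
     doc = """Display a "comment was posted" success page."""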
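Review bot: The 400 message added at new lines 67-68 is garbled ("Attempting go get … exists raised"), which makes the rejection hard to read when someone triages malformed `object_pk` submissions; I would write `"Attempting to get content-type %r and object PK %r raised %s" % \` instead. As far as the visible lines show, the text (including the interpolated exception class name) only reaches the response through the `if settings.DEBUG:` branch at new lines 23-24, so the handler should not disclose internals when DEBUG is off. A one-line comment above the new `except (ValueError, ValidationError), e:` clause, such as `# Presumably raised for a malformed object_pk; answer 400 rather than let it become a 500`, would record why these two exception types are caught. post_comment's body continues outside the displayed hunks, so the handlers between new lines 56 and 62 are not covered by this note.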