def edit_blog(slug):
try:
blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
if current_user != blog.author:
if not current_user.is_admin and not current_user.is_mod:
if current_user not in blog.editors:
return abort(404)
form = BlogSettingsForm(csrf_enabled=False)
if form.validate_on_submit():
blog.name = form.title.data
cleaner = ForumHTMLCleaner()
try:
blog.description = cleaner.clean(form.description.data)
except:
return abort(500)
blog.privacy_setting = form.privacy_setting.data
sqla.session.add(blog)
sqla.session.commit()
return redirect("/blog/" + str(blog.slug))
else:
form.description.data = blog.description
form.privacy_setting.data = blog.privacy_setting
form.title.data = blog.name
return render_template("blogs/edit_blog.jade",
form=form,
blog=blog,
page_title="Edit Blog - %s" %
(app.get_site_config("core.site-name"), ))
def edit_gallery_image(slug):
request_json = request.get_json(force=True)
try:
character = sqla.session.query(sqlm.Character).filter_by(slug=slug.strip().lower())[0]
except IndexError:
return abort(404)
if current_user != character.author and not current_user.is_admin:
return abort(404)
try:
attachment = sqla.session.query(sqlm.Attachment).filter_by(id=request_json["pk"])[0]
except IndexError:
return abort(404)
if attachment.character != character:
return abort(404)
cleaner = ForumHTMLCleaner()
attachment.caption=cleaner.basic_escape(request_json.get("author", ""))
attachment.alt=cleaner.basic_escape(request_json.get("caption", ""))
attachment.origin_url=cleaner.basic_escape(request_json.get("source", ""))
sqla.session.add(attachment)
sqla.session.commit()
return app.jsonify(success=True)
def new_signature(login_name):
try:
user = sqla.session.query(
sqlm.User).filter_by(my_url=login_name.strip().lower())[0]
except IndexError:
abort(404)
if user != current_user:
abort(404)
form = NewSignature(csrf_enabled=False)
if form.validate_on_submit():
signature = sqlm.Signature()
signature.name = form.name.data
cleaner = ForumHTMLCleaner()
signature.html = cleaner.clean(form.signature.data)
signature.active = form.active.data
signature.owner = user
signature.owner_name = user.login_name
signature.created = arrow.utcnow().datetime.replace(tzinfo=None)
sqla.session.add(signature)
sqla.session.commit()
return redirect("/member/" + str(user.my_url) + "/signatures")
return render_template("profile/new_signature.jade",
form=form,
profile=user,
page_title="New Signature - %s" %
(app.get_site_config("core.site-name"), ))
def edit_signature(login_name, id):
try:
user = sqla.session.query(
sqlm.User).filter_by(my_url=login_name.strip().lower())[0]
except IndexError:
abort(404)
if user != current_user and not current_user.is_admin:
abort(404)
try:
signature = sqla.session.query(sqlm.Signature).filter_by(id=id)[0]
except IndexError:
abort(404)
form = NewSignature(csrf_enabled=False)
if form.validate_on_submit():
signature.name = form.name.data
cleaner = ForumHTMLCleaner()
signature.html = cleaner.clean(form.signature.data)
signature.active = form.active.data
sqla.session.add(signature)
sqla.session.commit()
return redirect("/member/" + str(user.my_url) + "/signatures")
else:
form.active.data = signature.active
form.signature.data = signature.html
form.name.data = signature.name
return render_template("profile/edit_signature.jade",
form=form,
profile=user,
signature=signature,
page_title="Edit Signature - %s" %
(app.get_site_config("core.site-name"), ))
def edit_profile(login_name):
try:
user = sqla.session.query(
sqlm.User).filter_by(my_url=login_name.strip().lower())[0]
except IndexError:
abort(404)
if current_user != user and not current_user.is_admin:
abort(404)
try:
if len(request.form.get("about_me")) > 50000:
return app.jsonify(error="Your profile text is too large.")
except TypeError:
pass
if request.method == 'POST':
cleaner = ForumHTMLCleaner()
user.about_me = cleaner.clean(request.form.get("about_me"))
sqla.session.add(user)
sqla.session.commit()
parser = ForumPostParser()
# user.about_me = parser.parse(user.about_me)
return json.jsonify(about_me=parser.parse(user.about_me, _object=user))
else:
return json.jsonify(content=user.about_me)
def status_update_replies(status):
try:
status = sqla.session.query(sqlm.StatusUpdate).filter_by(id=status)[0]
except:
return abort(404)
request.canonical = app.config['BASE'] + "/status/%s" % (status, )
if status.hidden == True and (current_user.is_admin != True
or current_user.is_mod != True):
return abort(404)
cleaner = ForumHTMLCleaner()
replies = []
for reply in sqla.session.query(sqlm.StatusComment).filter_by(
status=status, hidden=False).order_by(sqlm.StatusComment.created):
parsed_reply = {}
parsed_reply["text"] = cleaner.escape(reply.message)
parsed_reply["user_name"] = reply.author.display_name
parsed_reply["author_login_name"] = reply.author.my_url
parsed_reply["user_avatar"] = reply.author.get_avatar_url("60")
parsed_reply["user_avatar_x"] = reply.author.avatar_60_x
parsed_reply["user_avatar_y"] = reply.author.avatar_60_y
parsed_reply["is_admin"] = current_user.is_admin
parsed_reply["time"] = humanize_time(reply.created)
parsed_reply["idx"] = reply.id
replies.append(parsed_reply)
return app.jsonify(replies=replies, count=status.get_comment_count())
def edit_post_in_pm_topic(pk):
try:
topic = sqla.session.query(sqlm.PrivateMessage).filter_by(id=pk)[0]
except IndexError:
return abort(404)
try:
pm_user = sqla.session.query(sqlm.PrivateMessageUser).filter_by(
pm=topic, author=current_user)[0]
except IndexError:
return abort(404)
request_json = request.get_json(force=True)
try:
message = sqla.session.query(sqlm.PrivateMessageReply).filter_by(
id=request_json.get("pk"), pm=topic)[0]
except IndexError:
return abort(404)
if current_user != message.author:
return abort(404)
if request_json.get("text", "").strip() == "":
return app.jsonify(error="Your post is empty.")
if len(request_json.get("text", "")) > 50000:
return app.jsonify(error="Your post is too large.")
cleaner = ForumHTMLCleaner()
try:
post_html = cleaner.clean(request_json.get("post", ""))
except:
return abort(500)
message.message = post_html
message.modified = arrow.utcnow().datetime
sqla.session.add(message)
sqla.session.commit()
clean_html_parser = ForumPostParser()
return app.jsonify(html=clean_html_parser.parse(message.message,
_object=message),
success=True)
def edit_blog_comment(slug, entry_slug, comment_id):
try:
blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
try:
entry = sqla.session.query(sqlm.BlogEntry).filter_by(
blog=blog, slug=entry_slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
try:
comment = sqla.session.query(sqlm.BlogComment).filter_by(
blog=blog, id=comment_id, blog_entry=entry)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
if current_user != comment.author:
return abort(404)
form = BlogCommentForm(csrf_enabled=False)
if form.validate_on_submit():
cleaner = ForumHTMLCleaner()
try:
comment.html = cleaner.clean(form.comment.data)
except:
return abort(500)
sqla.session.add(comment)
sqla.session.commit()
return redirect("/blog/" + str(blog.slug) + "/e/" + str(entry_slug))
else:
form.comment.data = comment.html
return render_template("blogs/edit_blog_entry_comment.jade",
form=form,
blog=blog,
entry=entry,
comment=comment,
page_title="Edit Blog Comment - %s" %
(app.get_site_config("core.site-name"), ))
def new_blog():
form = BlogSettingsForm(csrf_enabled=False)
if form.validate_on_submit():
b = sqlm.Blog()
b.name = form.title.data
cleaner = ForumHTMLCleaner()
try:
b.description = cleaner.clean(form.description.data)
except:
return abort(500)
b.privacy_setting = form.privacy_setting.data
b.slug = sqlm.find_blog_slug(b.name)
b.author = current_user
sqla.session.add(b)
sqla.session.commit()
return redirect("/blog/" + str(b.slug))
return render_template("blogs/create_new_blog.jade",
form=form,
page_title="New Blog - %s" %
(app.get_site_config("core.site-name"), ))
def create_character():
form = CharacterForm(csrf_enabled=False)
if form.validate_on_submit():
cleaner = ForumHTMLCleaner()
try:
name = cleaner.basic_escape(form.name.data)
except:
return abort(500)
try:
species = cleaner.basic_escape(form.species.data)
except:
return abort(500)
try:
motto = cleaner.basic_escape(form.motto.data)
except:
return abort(500)
try:
age = cleaner.basic_escape(form.age.data)
except:
return abort(500)
character = sqlm.Character()
character.age = form.age.data
character.species =form.species.data
character.name = form.name.data
character.motto = form.motto.data
character.appearance = form.appearance.data
character.personality = form.personality.data
character.backstory = form.backstory.data
character.other = form.other.data
character.created = arrow.utcnow().datetime.replace(tzinfo=None)
character.post_count = 0
character.slug = sqlm.get_character_slug(character.name)
character.author = current_user
sqla.session.add(character)
sqla.session.commit()
return redirect("/characters/"+str(character.slug))
else:
pass
return render_template("roleplay/new_character.jade", form=form, page_title="Create a Character - %s" % (app.get_site_config("core.site-name"),))
def make_status_update_reply(status):
try:
status = sqla.session.query(sqlm.StatusUpdate).filter_by(id=status)[0]
except:
return abort(404)
if status.hidden == True and (current_user.is_admin != True
or current_user.is_mod != True):
return abort(404)
if status.muted and current_user != status.author:
return app.jsonify(error="This status update is silenced. Shhh!")
if (current_user in [u.ignoring for u in status.author.ignored_users
]) and not current_user.is_admin:
return app.jsonify(error="User has blocked you.")
try:
if not (current_user.is_admin or current_user.is_mod) and \
(sqla.session.query(sqlm.StatusUpdateUser). \
filter_by(status=status, author=current_user)[0].blocked):
return app.jsonify(
error="You have been blocked from this status update.")
except IndexError:
pass
if status.locked:
return app.jsonify(error="This status update is locked.")
if status.get_comment_count() > 199:
return app.jsonify(error="This status update is full!")
request_json = request.get_json(force=True)
if request_json.get("reply", "").strip() == "":
return app.jsonify(error="Your status update is empty.")
if len(request_json.get("reply", "")) > 1000:
return app.jsonify(error="Your status update is too long.")
cleaner = ForumHTMLCleaner()
try:
cleaner.escape(request_json.get("reply", ""))
except:
return abort(500)
_html = request_json.get("reply", "").strip()
user_last_comment = False
for comment in status.comments:
if comment.author == current_user:
user_last_comment = comment
if user_last_comment:
difference = (arrow.utcnow().datetime -
arrow.get(user_last_comment.created).datetime).seconds
if difference < 2:
return app.jsonify(
error="Please wait %s seconds before you can reply again." %
(2 - difference))
sc = sqlm.StatusComment()
sc.created = arrow.utcnow().datetime.replace(tzinfo=None)
sc.message = _html
sc.author = current_user
sc.status = status
sqla.session.add(sc)
sqla.session.commit()
status.replies = status.get_comment_count()
status.last_replied = arrow.utcnow().datetime.replace(tzinfo=None)
sqla.session.add(status)
sqla.session.commit()
if not current_user in status.participants:
status.participants.append(current_user)
clean_html_parser = ForumPostParser()
parsed_reply = {}
parsed_reply["text"] = cleaner.escape(sc.message)
parsed_reply["user_name"] = sc.author.display_name
parsed_reply["user_avatar"] = sc.author.get_avatar_url("60")
parsed_reply["user_avatar_x"] = sc.author.avatar_60_x
parsed_reply["author_login_name"] = sc.author.my_url
parsed_reply["user_avatar_y"] = sc.author.avatar_60_y
parsed_reply["time"] = humanize_time(sc.created)
send_notify_to_users = []
exclude_from_mention = []
for user in sqla.session.query(
sqlm.StatusUpdateUser).filter_by(status=status).all():
if user.author == current_user:
exclude_from_mention.append(user.author.id)
continue
if user.ignoring:
exclude_from_mention.append(user.author.id)
continue
if user.author == status.author:
exclude_from_mention.append(user.author.id)
continue
send_notify_to_users.append(user.author)
exclude_from_mention.append(user.author.id)
broadcast(to=send_notify_to_users,
category="status",
url="/status/" + str(status.id),
title="replied to %s's status update" %
(str(status.author.display_name), ),
description=status.message,
content=status,
author=current_user)
try:
status_user = sqla.session.query(sqlm.StatusUpdateUser).filter_by(
status=status, author=status.author)[0]
except IndexError:
status_user = None
if current_user != status.author:
if status_user == None:
broadcast(to=[status.author],
category="status",
url="/status/" + str(status.id),
title="replied to your status update",
description=status.message,
content=status,
author=current_user)
else:
if not status_user.ignoring:
broadcast(to=[status.author],
category="status",
url="/status/" + str(status.id),
title="replied to your status update",
description=status.message,
content=status,
author=current_user)
scan_status_for_mentions(sc, exclude_from_mention, is_reply=True)
return app.jsonify(newest_reply=parsed_reply,
count=status.get_comment_count(),
success=True)
def status_update_index():
count = session.get("count", 15)
authors = session.get("authors", [])
search = session.get("search", "")
if request.method == 'POST':
request_json = request.get_json(force=True)
count = int(request_json.get("count", 15))
if count > 1000:
count = 1000
session["count"] = count
search = request_json.get("search", "")[0:100]
session["search"] = search
if request_json.get("authors"):
author_objects = list(
sqla.session.query(sqlm.User) \
.filter(sqlm.User.id.in_(request_json.get("authors"))) \
.all()
)
session["authors"] = [{
"id": a.id,
"text": a.display_name
} for a in author_objects]
authors = [{
"id": a.id,
"text": a.display_name
} for a in author_objects]
query_ = sqla.session.query(sqlm.StatusUpdate).filter_by(hidden=False)
if authors:
query_ = query_.filter(
sqlm.StatusUpdate.author_id.in_([a["id"] for a in authors]))
status_updates = parse_search_string(search, sqlm.StatusUpdate, query_, [
"message",
]).order_by(sqla.desc(sqlm.StatusUpdate.created))[:count]
cleaner = ForumHTMLCleaner()
if request.method == 'POST':
parsed_statuses = []
for status in status_updates:
parsed_status = {}
parsed_status["_id"] = status.id
parsed_status["profile_address"] = url_for(
'view_profile', login_name=status.author.my_url)
parsed_status["user_name"] = status.author.display_name
parsed_status["message"] = cleaner.escape(status.message)
parsed_status["user_avatar"] = status.author.get_avatar_url("60")
if status.attached_to_user != None:
parsed_status[
"attached_to_user"] = status.attached_to_user.display_name
parsed_status["attached_to_user_url"] = url_for(
'view_profile', login_name=status.attached_to_user.my_url)
else:
parsed_status["attached_to_user"] = False
parsed_status["user_avatar_x"] = status.author.avatar_60_x
parsed_status["user_avatar_y"] = status.author.avatar_60_y
parsed_status["created"] = humanize_time(status.created)
parsed_status["comment_count"] = status.get_comment_count()
parsed_statuses.append(parsed_status)
return app.jsonify(status_updates=parsed_statuses)
else:
return render_template("core/status_index.jade",
page_title="Status Updates - %s" %
(app.get_site_config("core.site-name"), ),
status_updates=status_updates,
count=count,
search=search,
authors=json.dumps(authors))
def new_message_in_pm_topic(pk):
try:
topic = sqla.session.query(sqlm.PrivateMessage).filter_by(id=pk)[0]
except IndexError:
return abort(404)
try:
pm_user = sqla.session.query(sqlm.PrivateMessageUser).filter_by(
pm=topic, author=current_user)[0]
except IndexError:
return abort(404)
difference = (arrow.utcnow().datetime -
arrow.get(topic.last_reply.created).datetime).seconds
if difference < 10 and topic.last_reply.author == current_user:
return app.jsonify(
error="Please wait %s seconds before you can reply again." %
(10 - difference))
request_json = request.get_json(force=True)
if len(request_json.get("text", "")) > 50000:
return app.jsonify(error="Your post is too large.")
if request_json.get("text", "").strip() == "":
return app.jsonify(error="Your post is empty.")
non_left_or_blocked_users = sqla.session.query(
sqlm.PrivateMessageUser).filter_by(pm=topic,
exited=False,
blocked=False).count()
if non_left_or_blocked_users == 1:
return app.jsonify(
error=
"There is only one participant in this private message. Don't talk to yourself. :)"
)
cleaner = ForumHTMLCleaner()
try:
post_html = cleaner.clean(request_json.get("post", ""))
except:
return abort(500)
message = sqlm.PrivateMessageReply()
message.message = post_html
message.author = current_user
message.created = arrow.utcnow().datetime.replace(tzinfo=None)
message.pm = topic
message.pm_title = topic.title
sqla.session.add(message)
sqla.session.commit()
topic.last_reply = message
topic.count = topic.count + 1
sqla.session.add(topic)
sqla.session.commit()
clean_html_parser = ForumPostParser()
parsed_post = {}
parsed_post["created"] = humanize_time(message.created, "MMM D YYYY")
parsed_post["modified"] = humanize_time(message.modified, "MMM D YYYY")
parsed_post["html"] = clean_html_parser.parse(message.message,
_object=message)
parsed_post["user_avatar"] = message.author.get_avatar_url()
parsed_post["user_avatar_x"] = message.author.avatar_full_x
parsed_post["user_avatar_y"] = message.author.avatar_full_y
parsed_post["user_avatar_60"] = message.author.get_avatar_url("60")
parsed_post["user_avatar_x_60"] = message.author.avatar_60_x
parsed_post["user_avatar_y_60"] = message.author.avatar_60_y
parsed_post["user_title"] = message.author.title
parsed_post["_id"] = message.id
parsed_post["author_name"] = message.author.display_name
parsed_post["author_login_name"] = message.author.my_url
parsed_post["author_actual_login_name"] = message.author.login_name
post_count = sqla.session.query(
sqlm.PrivateMessageReply).filter_by(pm=topic).count()
notify_users = []
for u in sqla.session.query(sqlm.PrivateMessageUser).filter_by(pm=topic):
if u.author == message.author:
continue
if u.exited or u.blocked or u.ignoring:
continue
notify_users.append(u.author)
broadcast(to=notify_users,
category="pm",
url="/messages/%s/page/1/post/%s" %
(str(topic.id), str(message.id)),
title="replied to %s" % (str(topic.title)),
description=message.message,
content=topic,
author=message.author)
return app.jsonify(newest_post=parsed_post, count=post_count, success=True)
def new_blog_entry(slug):
try:
blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
if current_user != blog.author:
if current_user not in blog.editors:
return abort(404)
form = BlogEntryForm(csrf_enabled=False)
if form.validate_on_submit():
e = sqlm.BlogEntry()
e.blog = blog
e.title = form.title.data
e.author = current_user
e.slug = sqlm.find_blog_entry_slug(e.title, blog)
e.draft = form.draft.data
cleaner = ForumHTMLCleaner()
try:
e.html = cleaner.clean(form.entry.data)
except:
return abort(500)
e.created = arrow.utcnow().datetime.replace(tzinfo=None)
if e.draft == False:
e.published = arrow.utcnow().datetime.replace(tzinfo=None)
e.b_title = blog.name
sqla.session.add(e)
sqla.session.commit()
entry = e
if e.draft == False:
blog.recent_entry = e
sqla.session.add(blog)
sqla.session.commit()
for subscriber in blog.subscribers:
e.subscribers.append(subscriber)
sqla.session.add(e)
sqla.session.commit()
if entry.author != blog.author:
broadcast(to=[
blog.author,
],
category="blog",
url="""/blog/%s/e/%s""" % (slug, entry.slug),
title="posted %s on blog %s" %
(str(entry.title), str(blog.name)),
description=entry.html,
content=entry,
author=current_user)
_to_notify = []
for u in blog.subscribers:
if u.id != current_user.id:
_to_notify.append(u)
mentions = mention_re.findall(e.html)
to_notify_m = {}
for mention in mentions:
try:
to_notify_m[mention] = sqla.session.query(
sqlm.User).filter_by(login_name=mention)[0]
except:
continue
broadcast(to=list(to_notify_m.values()),
category="mention",
url="""/blog/%s/e/%s""" % (slug, entry.slug),
title="mentioned you in blog %s" % (str(entry.title)),
description=e.html,
content=e,
author=e.author)
if len(_to_notify) > 0:
broadcast(to=_to_notify,
category="blog",
url="""/blog/%s/e/%s""" % (slug, entry.slug),
title="posted %s on blog %s" %
(str(entry.title), str(blog.name)),
description=entry.html,
content=entry,
author=current_user)
return redirect("/blog/" + str(blog.slug))
return render_template("blogs/new_blog_entry.jade",
form=form,
blog=blog,
page_title="New Blog Entry - %s" %
(app.get_site_config("core.site-name"), ))
def character_edit_profile(slug):
try:
character = sqla.session.query(sqlm.Character).filter_by(slug=slug.strip().lower())[0]
except IndexError:
return abort(404)
if current_user != character.author and not current_user.is_admin:
return abort(404)
form = CharacterForm(csrf_enabled=False)
if form.validate_on_submit():
cleaner = ForumHTMLCleaner()
try:
name = form.name.data
except:
return abort(500)
try:
species = form.species.data
except:
return abort(500)
try:
motto = form.motto.data
except:
return abort(500)
try:
age = form.age.data
except:
return abort(500)
c = {
"author": current_user.id,
"created": str(arrow.utcnow().datetime),
"data": {
"age": character.age+"",
"species": character.species+"",
"name": character.name+"",
"motto": character.motto+"",
"appearance": character.appearance+"",
"personality": character.personality+"",
"backstory": character.backstory+"",
"other": character.other+""
}
}
if character.character_history == None:
character.character_history = []
character.character_history.append(c)
character.age = form.age.data
character.species =form.species.data
character.name = form.name.data
character.motto = form.motto.data
character.appearance = form.appearance.data
character.personality = form.personality.data
character.backstory = form.backstory.data
character.other = form.other.data
sqla.session.add(character)
sqla.session.commit()
return redirect("/characters/"+str(character.slug))
else:
form.name.data = character.name
if character.age != None:
form.age.data = character.age
if character.species != None:
form.species.data = character.species
if character.motto != None:
form.motto.data = character.motto
if character.appearance != None:
form.appearance.data = character.appearance
if character.personality != None:
form.personality.data = character.personality
if character.backstory != None:
form.backstory.data = character.backstory
if character.other != None:
form.other.data = character.other
return render_template("roleplay/edit_character_profile.jade", character=character, form=form, page_title="Editing %s - Character Database - %s" % (str(character.name),app.get_site_config("core.site-name")))
def edit_blog_entry(slug, entry_slug):
try:
blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
if current_user != blog.author:
if current_user not in blog.editors:
return abort(404)
try:
e = sqla.session.query(sqlm.BlogEntry).filter_by(blog=blog,
slug=entry_slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
already_published = not e.draft
form = BlogEntryForm(csrf_enabled=False)
if form.validate_on_submit():
e.title = form.title.data
if current_user != e.author:
e.editor = current_user
e.draft = form.draft.data
cleaner = ForumHTMLCleaner()
try:
e.html = cleaner.clean(form.entry.data)
except:
return abort(500)
if e.draft == False and already_published == False:
e.published = arrow.utcnow().datetime.replace(tzinfo=None)
recent_entry = True
for subscriber in blog.subscribers:
e.subscribers.append(subscriber)
sqla.session.add(e)
sqla.session.commit()
else:
recent_entry = False
e.b_title = blog.name
sqla.session.add(e)
sqla.session.commit()
if recent_entry:
blog.recent_entry = e
sqla.session.add(blog)
sqla.session.commit()
return redirect("/blog/" + str(blog.slug))
else:
form.draft.data = e.draft
form.title.data = e.title
form.entry.data = e.html
return render_template("blogs/edit_blog_entry.jade",
form=form,
blog=blog,
entry=e,
page_title="Edit Blog Entry - %s" %
(app.get_site_config("core.site-name"), ))
def create_new_status(target):
request_json = request.get_json(force=True)
attached_to_user = False
if target:
try:
target_user = sqla.session.query(
sqlm.User).filter_by(login_name=target)[0]
if target_user == current_user:
return app.jsonify(error="No talking to yourself.")
if (current_user in [
u.ignoring for u in target_user.ignored_users
]) and not current_user.is_admin:
return app.jsonify(error="User has blocked you.")
attached_to_user = target_user
except IndexError:
target_user = None
else:
target_user = None
if len(request_json.get("message", "").strip()) == 0:
return app.jsonify(error="Your status update is empty.")
if len(request_json.get("message", "")) > 1000:
return app.jsonify(error="Your status update is too long.")
cleaner = ForumHTMLCleaner()
# try:
cleaner.escape(request_json.get("message", "").strip())
# except:
# return abort(500)
_html = request_json.get("message", "").strip()
status = sqlm.StatusUpdate()
if attached_to_user:
status.attached_to_user = attached_to_user
status.participants.append(attached_to_user)
status.author = current_user
status.message = _html
status.participants.append(status.author)
status.created = arrow.utcnow().datetime.replace(tzinfo=None)
status.replies = 0
sqla.session.add(status)
sqla.session.commit()
if target_user:
send_notify_to_users = []
broadcast(to=[
target_user,
],
category="profile_comment",
url="/status/" + str(status.id),
title="commented on your profile",
description=status.message,
content=status,
author=status.author)
else:
send_notify_to_users = []
for user in status.author.followed_by():
if target_user:
if user == target_user:
continue
send_notify_to_users.append(user)
broadcast(to=send_notify_to_users,
category="user_activity",
url="/status/" + str(status.id),
title="created a status update",
description=status.message,
content=status,
author=status.author)
exclude_from_mention = [u.id for u in send_notify_to_users]
if target_user:
exclude_from_mention.append(target_user.id)
scan_status_for_mentions(status, exclude_from_mention, is_reply=False)
return app.jsonify(url="/status/" + str(status.id))
def create_blog_comment(slug, entry_slug, page):
try:
blog = sqla.session.query(sqlm.Blog).filter_by(slug=slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
try:
page = int(page)
except:
return abort(500)
if blog.privacy_setting == "you" and current_user != blog.author:
return abort(404)
elif blog.privacy_setting == "editors" and (
current_user != blog.author and current_user not in blog.editors):
return abort(404)
elif blog.privacy_setting == "members" and not current_user.is_authenticated:
return abort(404)
try:
entry = sqla.session.query(
sqlm.BlogEntry).filter_by(slug=entry_slug)[0]
except IndexError:
sqla.session.rollback()
return abort(404)
if (current_user in [u.ignoring for u in entry.author.ignored_users
]) and not current_user.is_admin:
return app.jsonify(error="You cannot comment on this entry.")
request_json = request.get_json(force=True)
if request_json.get("text", "").strip() == "":
return app.jsonify(no_content=True)
if len(request_json.get("text", "")) > 50000:
return app.jsonify(error="Your comment is too large.")
cleaner = ForumHTMLCleaner()
try:
post_html = cleaner.clean(request_json.get("post", ""))
except:
return abort(500)
new_blog_comment = sqlm.BlogComment()
new_blog_comment.blog_entry = entry
new_blog_comment.blog = blog
new_blog_comment.author = current_user
new_blog_comment.html = post_html
new_blog_comment.created = arrow.utcnow().datetime.replace(tzinfo=None)
new_blog_comment.hidden = False
new_blog_comment.b_e_title = entry.title
sqla.session.add(new_blog_comment)
sqla.session.commit()
max_pages = int(math.ceil(float(entry.comment_count()) / 10.0))
e = entry
replies = reply_re.findall(new_blog_comment.html)
to_notify = {}
for reply_ in replies:
try:
to_notify[reply_] = sqla.session.query(
sqlm.BlogComment).filter_by(id=reply_[0])[0].author
except:
continue
broadcast(to=list(to_notify.values()),
category="topic_reply",
url="""/blog/%s/e/%s""" % (slug, entry.slug),
title="replied to you in %s" % (str(entry.title)),
description=new_blog_comment.html,
content=new_blog_comment,
author=new_blog_comment.author)
mentions = mention_re.findall(new_blog_comment.html)
to_notify_m = {}
for mention in mentions:
try:
to_notify_m[mention] = sqla.session.query(
sqlm.User).filter_by(login_name=mention)[0]
except:
continue
broadcast(to=list(to_notify_m.values()),
category="mention",
url="""/blog/%s/e/%s""" % (slug, entry.slug),
title="mentioned you in a comment on %s" % (str(entry.title)),
description=new_blog_comment.html,
content=new_blog_comment,
author=new_blog_comment.author)
broadcast(to=[
entry.author,
],
category="blogcomments",
url="""/blog/%s/e/%s/page/%s#comments""" %
(slug, entry_slug, max_pages),
title="commented on your blog entry %s" % (str(entry.title)),
description=new_blog_comment.html,
content=new_blog_comment,
author=current_user)
if entry.author != blog.author:
broadcast(to=[
blog.author,
],
category="blogcomments",
url="""/blog/%s/e/%s/page/%s#comments""" %
(slug, entry_slug, max_pages),
title="commented on blog entry %s" % (str(entry.title)),
description=new_blog_comment.html,
content=new_blog_comment,
author=current_user)
_to_notify = []
for u in entry.subscribers:
if u.id != current_user.id:
_to_notify.append(u)
if len(_to_notify) > 0:
broadcast(to=_to_notify,
category="blogcomments",
url="""/blog/%s/e/%s/page/%s#comments""" %
(slug, entry_slug, max_pages),
title="commented on %s's blog entry %s" %
(str(entry.author.display_name), str(entry.title)),
description=new_blog_comment.html,
content=new_blog_comment,
author=current_user)
return app.jsonify(success=True,
url="""/blog/%s/e/%s/page/%s""" %
(slug, entry_slug, max_pages))
def parse(self, html, strip_images=False, _object=False):
cleaner = ForumHTMLCleaner()
try:
_content_owner = _object.author
except AttributeError:
try:
_content_owner = _object.owner
except AttributeError:
if type(_object) == sqlm.User:
_content_owner = _object
else:
_content_owner = False
_mangled_html_image_links = []
all_html_image_links = html_img_re.findall(html)
for i, _html_image_link in enumerate(all_html_image_links):
_mangled_html_image_links.append(
["mangled-img-%s" % i, _html_image_link])
html = html.replace(_html_image_link, "mangled-img-%s" % i, 1)
_mangled_html_links = []
all_html_links = href_re.findall(html)
for i, _html_link in enumerate(all_html_links):
_mangled_html_links.append(["mangled-%s" % i, _html_link[0]])
html = html.replace(_html_link[0], "mangled-%s" % i, 1)
mentions = mention_re.findall(html)
for mention in mentions:
user = app.login_name_exists(mention)
if user:
html = html.replace(
"[@%s]" % str(mention),
"""<a href="/member/%s" class="hover_user">@%s</a>""" %
(user["my_url"], user["display_name"]), 1)
else:
html = html.replace("[@%s]" % str(mention), "", 1)
if not current_user.no_images:
emoticon_codes = sqlm.get_local_smilies()
for smiley in emoticon_codes:
img_html = """<img src="%s" />""" % (os.path.join(
"/static/smilies", smiley["filename"]), )
html = html.replace(":" + smiley["code"] + ":", img_html)
html = bbcode_parser.format(html,
strip_images=strip_images,
content_owner=_content_owner)
for _code, _html in _mangled_html_links:
html = html.replace(_code, _html, 1)
for _code, _html in _mangled_html_image_links:
html = html.replace(_code, _html, 1)
if current_user.no_images:
for plain_jane_image in raw_image_re.findall(html):
html = html.replace(
"%s" % plain_jane_image[0],
"""<a href="%s" target="_blank">View External Image : <br>%s.</a>"""
% (plain_jane_image[1], plain_jane_image[1]))
if (app.get_site_config("core.swear-filter-default") == "yes"
and not current_user.is_authenticated) or (
current_user.is_authenticated
and current_user.swear_filter == True):
swear_words_to_filter = sqlm.get_swear_filters()
for w in swear_words_to_filter:
html = re.subn(re.escape(w),
"****",
html,
count=0,
flags=re.IGNORECASE)[0]
return "<div class=\"parsed\">" + html + "</div>"