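def web_tpush():
    """Flask view: accept a blog comment from a POST form and store it.

    Reads the form fields ``cname``, ``cemail``, ``curl``, ``text`` and
    ``path``.  All five are required (a missing one raises ``KeyError`` on
    ``request.form``, which Flask turns into a 400); ``curl`` is read but
    not persisted.

    Returns a JSON object ``{'r': 0|1, ...}``: ``r == 0`` means the comment
    was stored (``rs`` carries the status message), ``r == 1`` means it was
    rejected (``error`` carries the reason).

    Checks run in this order, so nothing is stored before it has been
    validated:
      1. the e-mail must pass ``validateEmail``;
      2. the comment text must not contain a denylisted markup keyword;
      3. an identical name + text + page from the same e-mail is a duplicate;
      4. if an earlier comment under this e-mail is already approved
         (``cemail_allow``), the new one is stored approved, otherwise it
         is stored pending moderation.
    """
    form = request.form
    res = {
        'cname': form['cname'],
        'cemail': form['cemail'],
        'curl': form['curl'],   # required by the form, never stored
        'ctext': form['text'],
        'cwz': form['path'],
    }

    # Fail closed on a malformed address before any lookup or write.
    if not validateEmail(res['cemail']):
        return jsonify({'r': 1, 'error': '邮件格式错误'})

    # Case-insensitive substring denylist on the body.  Substring matching
    # means innocent words ("dropdown", "linkage", "metadata") are rejected
    # too.  SECURITY(review): a keyword denylist does not prevent XSS; the
    # template rendering cname/cemail/ctext must HTML-escape them on output
    # regardless of this check, and cname/curl are not filtered at all.
    denylist = (
        'drop', 'alert', 'script', 'onload', 'import url', 'expression',
        'meta', 'link', 'frame', 'iframe', 'onerror', 'onunload', 'onkey',
        'onmouse',
    )
    lowered = res['ctext'].lower()
    if any(word in lowered for word in denylist):
        return jsonify({'r': 1, 'error': '评论存在风险,已经拿小本本记下来了'})

    # One query serves both duplicate detection and approval inheritance.
    previous = Comment.query.filter_by(cemail=res['cemail']).all()
    for old in previous:
        if (old.cwz == res['cwz'] and old.ctext == res['ctext']
                and old.cname == res['cname']):
            return jsonify({'r': 1, 'error': '已经评论过了'})

    new_cm = Comment(cname=res['cname'],
                     cemail=res['cemail'],
                     cwz=res['cwz'],
                     ctext=res['ctext'])
    new_cm.ctime = datetime.now()
    # MD5 of the address (presumably an avatar-service hash, not a
    # credential, so MD5 is acceptable here).  The original attempted to
    # copy the hash from an earlier comment but always overwrote it with a
    # fresh one, so only the recomputation is kept.
    new_cm.cemail_hash = hashlib.md5(
        res['cemail'].encode('utf-8')).hexdigest()

    # Inherit approval from the first earlier comment under this address
    # (the original used ``.first()`` on the same filter; the first row of
    # ``.all()`` is the same unordered query result).
    # SECURITY(review): the e-mail is client-asserted and unverified, so
    # anyone who knows an approved commenter's address gets auto-approval.
    # Previously this branch ran before the e-mail and content checks, so
    # such a request also bypassed both filters; now nothing is stored
    # unchecked.  The ``print(res)`` that logged the submitted e-mail to
    # stdout has been dropped.
    new_cm.cemail_allow = bool(previous and previous[0].cemail_allow)

    db.session.add(new_cm)
    db.session.commit()
    if new_cm.cemail_allow:
        return jsonify({'r': 0, 'rs': '评论成功'})
    return jsonify({'r': 0, 'rs': '评论正在审核ing'})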