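def post_comment(request, year, month, day, slug):
    """Publish a stored comment on a post and mail the admins about it.

    The post is looked up from the date parts and slug, the comment from
    the ``comment`` POST field.  Every lookup failure, including a
    non-numeric id, ends in ``Http404`` so malformed input cannot surface
    as an unhandled ``ValueError``.

    A comment whose ``previewed`` flag is already set is rejected, and the
    flag is set here on success, so a comment passes through this view
    only once.
    """
    try:
        p = posts.get_object(posted__year=int(year), posted__month=int(month),
                             posted__day=int(day), slug__exact=slug)
    except (ValueError, posts.PostDoesNotExist):
        raise Http404()

    # A missing field falls back to '-1', which matches no row and so 404s;
    # a non-numeric value is treated the same way.
    try:
        c = comments.get_object(pk=int(request.POST.get('comment', '-1')))
    except (ValueError, comments.CommentDoesNotExist):
        raise Http404()

    # The comment must belong to the post named in the URL.
    if not p.id == c.post_id:
        raise Http404()

    # FIXME
    # check IP-address!
    # check session?
    # NOTE(review): nothing below ties this request to the client that
    # created the comment, so any request carrying the id of a pending
    # comment will publish it.  Comparing against the ip_address stored on
    # the comment, or a session marker, would close that gap.
    if c.previewed:
        raise Http404()

    ctx = template.Context(dict(comment=c))
    # Presumably Django's send_mail, where the fifth positional argument is
    # fail_silently -- confirm.  The mail goes out before the save.
    send_mail("New comment on %s" % c.get_post(), comment_posted.render(ctx),
              SERVER_EMAIL, [a[1] for a in ADMINS], True)
    c.previewed = True
    c.save()
    return HttpResponseRedirect(c.get_absolute_url())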
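def preview_comment(request, year, month, day, slug):
    """Save an unpublished comment for a post and render its preview page.

    Only POST requests are accepted; anything else raises
    ``PermissionDenied``.  If the form carries a ``comment`` id, that
    stored comment is updated, provided it belongs to this post and its
    ``previewed`` flag is not set.  Otherwise a new comment is created.
    Unknown posts, unknown comments and non-numeric ids all raise
    ``Http404``.
    """
    if not request.META['REQUEST_METHOD'] == 'POST':
        raise PermissionDenied()
    try:
        p = posts.get_object(posted__year=int(year), posted__month=int(month),
                             posted__day=int(day), slug__exact=slug)
    except (ValueError, posts.PostDoesNotExist):
        raise Http404()

    if request.POST.has_key('comment'):
        # A bad or unknown id is a 404, not an unhandled exception.
        try:
            comment = comments.get_object(pk=int(request.POST['comment']))
        except (ValueError, comments.CommentDoesNotExist):
            raise Http404()
        if not p.id == comment.post_id:
            raise Http404()
        if comment.previewed:
            raise Http404()
        # NOTE(review): no check that the requester created this pending
        # comment; whoever submits its id can overwrite it, and the user
        # and ip_address fields are replaced below.
    else:
        # .get() keeps a missing field from raising KeyError, matching how
        # email and url are read below.
        comment = comments.Comment(post=p, name=request.POST.get('name', ''))

    comment.user = request.user
    comment.previewed = False

    # X-Forwarded-For is a request header: it is only meaningful when a
    # trusted reverse proxy sets or appends to it.  The last list element is
    # used, which is the entry added by the nearest proxy when there is one.
    # NOTE(review): if this app can be reached without such a proxy the
    # stored address is chosen by the client; treat it as a hint.
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        comment.ip_address = request.META['HTTP_X_FORWARDED_FOR'].split(',')[-1].strip()
    elif request.META.has_key('REMOTE_ADDR'):
        comment.ip_address = request.META.get('REMOTE_ADDR')
    else:
        comment.ip_address = '0.0.0.0'

    comment.email = request.POST.get('email', '')
    comment.url = request.POST.get('url', '')
    content = request.POST.get('content', '')
    # Presumably safe_markdown sanitises the rendered HTML -- verify, since
    # the result is stored and shown to other visitors.
    comment.content = safe_markdown.render(content)
    comment.save()

    # Reuse the value read above.  Indexing request.POST['content'] here
    # would raise after the comment had already been saved whenever the
    # field is absent.
    # NOTE(review): markdown_content is the raw submitted text; confirm the
    # template escapes it.
    c = Context(request, post=p, comment=comment, markdown_content=content)
    t = template_loader.get_template('blog/preview-comment')
    return HttpResponse(t.render(c))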
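def delete_comments(request):
    """Delete every comment whose id is listed in the ``comments`` POST field.

    All ids are parsed before anything is deleted, so one malformed value
    raises ``Http404`` without leaving a half-processed batch.  Ids that no
    longer match a row are skipped.  The response redirects to ``'..'``.

    NOTE(review): no login, permission or request-origin check is visible
    in this function.  Confirm that the URL conf, a wrapper or middleware
    restricts it to authorised staff and guards against cross-site form
    submission.  As written, any POST reaching this view deletes the
    listed rows.
    """
    try:
        pks = [int(raw) for raw in request.POST.getlist('comments')]
    except ValueError:
        raise Http404()

    for pk in pks:
        try:
            comment = comments.get_object(pk=pk)
        except comments.CommentDoesNotExist:
            # Already gone (e.g. a repeated submit); nothing to delete.
            continue
        comment.delete()
    return HttpResponseRedirect('..')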