def post_comment(request, year, month, day, slug):
try:
p = posts.get_object(posted__year=int(year),
posted__month=int(month),
posted__day=int(day),
slug__exact=slug)
except posts.PostDoesNotExist:
raise Http404()
try:
c = comments.get_object(pk=int(request.POST.get('comment', '-1')))
except comments.CommentDoesNotExist:
raise Http404()
if not p.id == c.post_id:
raise Http404()
# FIXME
# check IP-address!
# check session?
if c.previewed:
raise Http404()
ctx = template.Context(dict(comment=c))
send_mail("New comment on %s" % c.get_post(),
comment_posted.render(ctx),
SERVER_EMAIL, [a[1] for a in ADMINS], True)
c.previewed = True
c.save()
return HttpResponseRedirect(c.get_absolute_url())
def preview_comment(request, year, month, day, slug):
if not request.META['REQUEST_METHOD'] == 'POST':
raise PermissionDenied()
try:
p = posts.get_object(posted__year=int(year),
posted__month=int(month),
posted__day=int(day),
slug__exact=slug)
except posts.PostDoesNotExist:
raise Http404()
if request.POST.has_key('comment'):
comment = comments.get_object(pk=int(request.POST['comment']))
if not p.id == comment.post_id:
raise Http404()
if comment.previewed:
raise Http404()
else:
comment = comments.Comment(post=p, name=request.POST['name'])
comment.user = request.user
comment.previewed = False
if request.META.has_key('HTTP_X_FORWARDED_FOR'):
comment.ip_address = request.META['HTTP_X_FORWARDED_FOR'].split(',')[-1].strip()
elif request.META.has_key('REMOTE_ADDR'):
comment.ip_address = request.META.get('REMOTE_ADDR')
else:
comment.ip_address = '0.0.0.0'
comment.email = request.POST.get('email', '')
comment.url = request.POST.get('url', '')
content = request.POST.get('content', '')
comment.content = safe_markdown.render(content)
comment.save()
c = Context(request, post=p, comment=comment,
markdown_content=request.POST['content'])
t = template_loader.get_template('blog/preview-comment')
return HttpResponse(t.render(c))
def delete_comments(request):
for id in request.POST.getlist('comments'):
comment = comments.get_object(pk=int(id))
comment.delete()
return HttpResponseRedirect('..')
