def save(self, *args, **kwargs): self.title = sanitize_html(self.title) if not self.slug: #~ must be unique self.slug =render_unique_slug(self.__class__, slugify(self.title)) self.text = sanitize_html(self.text) super(Question, self).save()
def markup(value, mtype=1):
try:
from django.utils.html import escape
if mtype == MARKDOWN[0]:
try:
import markdown2
except ImportError:
try:
from django.contrib.markup.templatetags.markup import markdown
except ImportError:
return sanitize_html(force_unicode(value))
return mark_safe(sanitize_html(markdown(force_unicode(value))))
else:
safe_mode = False
return mark_safe(sanitize_html(markdown2.markdown(force_unicode(value),
safe_mode=safe_mode)))
elif mtype == TEXTILE[0]:
from django.contrib.markup.templatetags.markup import textile
return textile(force_unicode(value))
## elif mtype == REST[0]:
## from django.contrib.markup.templatetags.markup import restructuredtext
## return restructuredtext(value)
elif mtype == HTML[0]:
return mark_safe(sanitize_html(force_unicode(value)))
elif mtype == PLAINTEXT[0]:
return escape(force_unicode(value))
else:
return markup(value, DEFAULT_MARKUP[0])
except ImportError:
# Not marking safe, in case tag fails and users input malicious code.
return force_unicode(value)
def get_book(db, uuid):
'''
Returns book with the param uuid
'''
book = db.books.find_one({'uuid': uuid}, PUBLIC_SINGLE_BOOK_FIELDS)
if book:
return utils.sanitize_html(book)
return None
def get_book(db, uuid):
'''
Returns book with the param uuid
'''
book = db.books.find_one({'uuid': uuid}, PUBLIC_SINGLE_BOOK_FIELDS)
if book:
return utils.sanitize_html(book)
return None
def get_context_data(self, **kwargs):
context = super(QuestionTagView, self).get_context_data(**kwargs)
# ~ have to clean the tag slug as it comes from the url and is not safe
context["tag_slug"] = sanitize_html(self.kwargs["slug"])
context["template_to_extend"] = "base.html"
return context
def save(self, *args, **kwargs): self.text = sanitize_html(self.text, clear=True) super(QAComment, self).save()
def save(self, *args, **kwargs): self.text = sanitize_html(self.text) super(Answer, self).save()
def get_context_data(self, **kwargs):
context = super(QuestionTagView, self).get_context_data(**kwargs)
#~ have to clean the tag slug as it comes from the url and is not safe
context['tag_slug'] = sanitize_html(self.kwargs['slug'])
context['template_to_extend'] = "base.html"
return context
def editjob(hashid, key, form=None, post=None, validated=False):
if form is None:
form = forms.ListingForm(request.form)
form.job_type.choices = [(ob.id, ob.title) for ob in JobType.query.filter_by(public=True).order_by('seq')]
form.job_category.choices = [(ob.id, ob.title) for ob in JobCategory.query.filter_by(public=True).order_by('seq')]
if post is None:
post = JobPost.query.filter_by(hashid=hashid).first_or_404()
if key != post.edit_key:
abort(403)
# Don't allow email address to be changed once its confirmed
if request.method == 'POST' and post.status >= POSTSTATUS.PENDING:
form.poster_email.data = post.email
if request.method == 'POST' and (validated or form.validate()):
form_description = sanitize_html(form.job_description.data)
form_perks = sanitize_html(form.job_perks_description.data) if form.job_perks.data else ''
form_how_to_apply = form.job_how_to_apply.data
form_email_domain = get_email_domain(form.poster_email.data)
form_words = get_word_bag(u' '.join((form_description, form_perks, form_how_to_apply)))
similar = False
for oldpost in JobPost.query.filter(JobPost.email_domain == form_email_domain).filter(
JobPost.status > POSTSTATUS.PENDING).filter(
JobPost.datetime > datetime.utcnow() - agelimit).all():
if oldpost.id != post.id:
if oldpost.words:
s = SequenceMatcher(None, form_words, oldpost.words)
if s.ratio() > 0.6:
similar = True
break
if similar:
flash("This listing is very similar to an earlier listing. You may not relist the same job "
"in less than %d days. If you believe this to be an error, please email us at %s." % (agelimit.days,
app.config['ADMINS'][0]), category='interactive')
else:
post.headline = form.job_headline.data
post.type_id = form.job_type.data
post.category_id = form.job_category.data
post.location = form.job_location.data
post.relocation_assist = form.job_relocation_assist.data
post.description = form_description
post.perks = form_perks
post.how_to_apply = form_how_to_apply
post.company_name = form.company_name.data
post.company_url = form.company_url.data
post.email = form.poster_email.data
post.email_domain = form_email_domain
post.md5sum = md5sum(post.email)
# To protect from gaming, don't allow words to be removed in edited listings once the post
# has been confirmed. Just add the new words.
if post.status >= POSTSTATUS.CONFIRMED:
prev_words = post.words or ''
else:
prev_words = u''
post.words = get_word_bag(u' '.join((prev_words, form_description, form_perks, form_how_to_apply)))
if request.files['company_logo']:
# The form's validator saved the processed logo in g.company_logo.
thumbnail = g.company_logo
logofilename = uploaded_logos.save(thumbnail, name='%s.' % post.hashid)
post.company_logo = logofilename
else:
if form.company_logo_remove.data:
post.company_logo = None
db.session.commit()
userkeys = session.get('userkeys', [])
userkeys.append(post.edit_key)
session['userkeys'] = userkeys
session.permanent = True
return redirect(url_for('jobdetail', hashid=post.hashid), code=303)
elif request.method == 'POST':
flash("Please correct the indicated errors", category='interactive')
elif request.method == 'GET':
# Populate form from model
form.job_headline.data = post.headline
form.job_type.data = post.type_id
form.job_category.data = post.category_id
form.job_location.data = post.location
form.job_relocation_assist.data = post.relocation_assist
form.job_description.data = post.description
form.job_perks.data = True if post.perks else False
form.job_perks_description.data = post.perks
form.job_how_to_apply.data = post.how_to_apply
form.company_name.data = post.company_name
form.company_url.data = post.company_url
form.poster_email.data = post.email
return render_template('postjob.html', form=form, no_email=post.status > POSTSTATUS.DRAFT)