Exemplo n.º 1
0
    def post(self, slug=None):
        useajax = self.param('useajax') == '1'

        name = self.param('author')
        email = self.param('email')
        url = self.param('url')

        key = self.param('key')
        content = self.param('comment')
        parent_id = self.paramint('parentid', 0)
        reply_notify_mail = self.parambool('reply_notify_mail')

        sess = Session(self, timeout=180)
        if not self.is_login:
            #if not (self.request.cookies.get('comment_user', '')):
            try:
                check_ret = True
                if g_blog.comment_check_type in (1, 2):
                    checkret = self.param('checkret')
                    check_ret = (int(checkret) == sess['code'])
                elif g_blog.comment_check_type == 3:
                    import app.gbtools as gb
                    checknum = self.param('checknum')
                    checkret = self.param('checkret')
                    check_ret = eval(checknum) == int(gb.stringQ2B(checkret))

                if not check_ret:
                    if useajax:
                        self.write(
                            simplejson.dumps(
                                (False, -102,
                                 _('Your check code is invalid .')),
                                ensure_ascii=False))
                    else:
                        self.error(-102, _('Your check code is invalid .'))
                    return
            except:
                if useajax:
                    self.write(
                        simplejson.dumps(
                            (False, -102, _('Your check code is invalid .')),
                            ensure_ascii=False))
                else:
                    self.error(-102, _('Your check code is invalid .'))
                return

        sess.invalidate()
        content = content.replace('\n', '<br />')
        content = myfilter.do_filter(content)
        name = cgi.escape(name)[:20]
        url = cgi.escape(url)[:100]

        if not (name and email and content):
            if useajax:
                self.write(
                    simplejson.dumps(
                        (False, -101,
                         _('Please input name, email and comment .'))))
            else:
                self.error(-101, _('Please input name, email and comment .'))
        else:
            comment = Comment(author=name,
                              content=content,
                              email=email,
                              reply_notify_mail=reply_notify_mail,
                              entry=Entry.get(key))
            if url:
                try:
                    if not url.lower().startswith(('http://', 'https://')):
                        url = 'http://' + url
                    comment.weburl = url
                except:
                    comment.weburl = None

            #name=name.decode('utf8').encode('gb2312')

            info_str = '#@#'.join(
                [urlencode(name),
                 urlencode(email),
                 urlencode(url)])

            #info_str='#@#'.join([name,email,url.encode('utf8')])
            cookiestr = 'comment_user=%s;expires=%s;path=/;' % (info_str, (
                datetime.now() +
                timedelta(days=100)).strftime("%a, %d-%b-%Y %H:%M:%S GMT"))
            comment.ip = self.request.remote_addr

            if parent_id:
                comment.parent = Comment.get_by_id(parent_id)

            comment.no = comment.entry.commentcount + 1
            try:
                comment.save()
                memcache.delete("/" + comment.entry.link)

                self.response.headers.add_header('Set-Cookie', cookiestr)
                if useajax:
                    comment_c = self.get_render('comment',
                                                {'comment': comment})
                    self.write(
                        simplejson.dumps((True, comment_c.decode('utf8')),
                                         ensure_ascii=False))
                else:
                    self.redirect(self.referer + "#comment-" +
                                  str(comment.key().id()))

                comment.entry.removecache()
                memcache.delete("/feed/comments")
            except:
                if useajax:
                    self.write(
                        simplejson.dumps(
                            (False, -102, _('Comment not allowed.'))))
                else:
                    self.error(-102, _('Comment not allowed .'))
Exemplo n.º 2
0
    def post(self,slug=None):
        useajax=self.param('useajax')=='1'

        name=self.param('author')
        email=self.param('email')
        url=self.param('url')

        key=self.param('key')
        content=self.param('comment')
        parent_id=self.paramint('parentid',0)
        reply_notify_mail=self.parambool('reply_notify_mail')

        sess=Session(self,timeout=180)
        if not self.is_login:
            #if not (self.request.cookies.get('comment_user', '')):
            try:
                check_ret=True
                if g_blog.comment_check_type in (1,2)  :
                    checkret=self.param('checkret')
                    check_ret=(int(checkret) == sess['code'])
                elif  g_blog.comment_check_type ==3:
                    import app.gbtools as gb
                    checknum=self.param('checknum')
                    checkret=self.param('checkret')
                    check_ret=eval(checknum)==int(gb.stringQ2B( checkret))

                if not check_ret:
                    if useajax:
                        self.write(simplejson.dumps((False,-102,_('Your check code is invalid .')),ensure_ascii = False))
                    else:
                        self.error(-102,_('Your check code is invalid .'))
                    return
            except:
                if useajax:
                    self.write(simplejson.dumps((False,-102,_('Your check code is invalid .')),ensure_ascii = False))
                else:
                    self.error(-102,_('Your check code is invalid .'))
                return

        sess.invalidate()
        content=content.replace('\n','<br />')
        content=myfilter.do_filter(content)
        name=cgi.escape(name)[:20]
        url=cgi.escape(url)[:100]

        if not (name and email and content):
            if useajax:
                        self.write(simplejson.dumps((False,-101,_('Please input name, email and comment .'))))
            else:
                self.error(-101,_('Please input name, email and comment .'))
        else:
            comment=Comment(author=name,
                            content=content,
                            email=email,
                            reply_notify_mail=reply_notify_mail,
                            entry=Entry.get(key))
            if url:
                try:
                    if not url.lower().startswith(('http://','https://')):
                        url = 'http://' + url
                    comment.weburl=url
                except:
                    comment.weburl=None

            #name=name.decode('utf8').encode('gb2312')

            info_str='#@#'.join([urlencode(name),urlencode(email),urlencode(url)])

             #info_str='#@#'.join([name,email,url.encode('utf8')])
            cookiestr='comment_user=%s;expires=%s;path=/;'%( info_str,
                       (datetime.now()+timedelta(days=100)).strftime("%a, %d-%b-%Y %H:%M:%S GMT")
                       )
            comment.ip=self.request.remote_addr

            if parent_id:
                comment.parent=Comment.get_by_id(parent_id)

            comment.no=comment.entry.commentcount+1
            try:
                comment.save()
                memcache.delete("/"+comment.entry.link)

                self.response.headers.add_header( 'Set-Cookie', cookiestr)
                if useajax:
                    comment_c=self.get_render('comment',{'comment':comment})
                    self.write(simplejson.dumps((True,comment_c.decode('utf8')),ensure_ascii = False))
                else:
                    self.redirect(self.referer+"#comment-"+str(comment.key().id()))

                comment.entry.removecache()
                memcache.delete("/feed/comments")
            except:
                if useajax:
                    self.write(simplejson.dumps((False,-102,_('Comment not allowed.'))))
                else:
                    self.error(-102,_('Comment not allowed .'))
Exemplo n.º 3
0
    def post(self, slug=None, postid=None):
        '''handle trackback'''
        error = '''<?xml version="1.0" encoding="utf-8"?>
<response>
<error>1</error>
<message>%s</message>
</response>
'''
        success = '''<?xml version="1.0" encoding="utf-8"?>
<response>
<error>0</error>
</response>
'''

        if not g_blog.allow_trackback:
            self.response.out.write(error % "Trackback denied.")
            return
        self.response.headers['Content-Type'] = "text/xml"
        if postid:
            entries = Entry.all().filter("published =",
                                         True).filter('post_id =',
                                                      postid).fetch(1)
        else:
            slug = urldecode(slug)
            entries = Entry.all().filter("published =",
                                         True).filter('link =', slug).fetch(1)

        if not entries or len(
                entries
        ) == 0:  #or  (postid and not entries[0].link.endswith(g_blog.default_link_format%{'post_id':postid})):
            self.response.out.write(error % "empty slug/postid")
            return
        #check code ,rejest spam
        entry = entries[0]
        logging.info(self.request.remote_addr + self.request.path + " " +
                     entry.trackbackurl)
        #key=self.param("code")
        #if (self.request.uri!=entry.trackbackurl) or entry.is_external_page or not entry.allow_trackback:
        #import cgi
        from urlparse import urlparse
        param = urlparse(self.request.uri)
        code = param[4]
        param = cgi.parse_qs(code)
        if param.has_key('code'):
            code = param['code'][0]

        if (not str(entry.key()) == code
            ) or entry.is_external_page or not entry.allow_trackback:
            self.response.out.write(error % "Invalid trackback url.")
            return

        coming_url = self.param('url')
        blog_name = myfilter.do_filter(self.param('blog_name'))
        excerpt = myfilter.do_filter(self.param('excerpt'))
        title = myfilter.do_filter(self.param('title'))

        if not coming_url or not blog_name or not excerpt or not title:
            self.response.out.write(error % "not enough post info")
            return

        import time
        #wait for half second in case otherside hasn't been published
        time.sleep(0.5)

        ##		#also checking the coming url is valid and contains our link
        ##		#this is not standard trackback behavior
        ##		try:
        ##
        ##			result = urlfetch.fetch(coming_url)
        ##			if result.status_code != 200 :
        ##				#or ((g_blog.baseurl + '/' + slug) not in result.content.decode('ascii','ignore')):
        ##				self.response.out.write(error % "probably spam")
        ##				return
        ##		except Exception, e:
        ##			logging.info("urlfetch error")
        ##			self.response.out.write(error % "urlfetch error")
        ##			return

        comment = Comment.all().filter("entry =",
                                       entry).filter("weburl =",
                                                     coming_url).get()
        if comment:
            self.response.out.write(error % "has pinged before")
            return

        comment = Comment(author=blog_name,
                          content="...<strong>" + title[:250] + "</strong> " +
                          excerpt[:250] + '...',
                          weburl=coming_url,
                          entry=entry)

        comment.ip = self.request.remote_addr
        comment.ctype = COMMENT_TRACKBACK
        try:
            comment.save()

            memcache.delete("/" + entry.link)
            self.write(success)
            g_blog.tigger_action("pingback_post", comment)
        except:
            self.response.out.write(error % "unknow error")
Exemplo n.º 4
0
    def post(self,slug=None,postid=None):
        '''handle trackback'''
        error = '''<?xml version="1.0" encoding="utf-8"?>
<response>
<error>1</error>
<message>%s</message>
</response>
'''
        success = '''<?xml version="1.0" encoding="utf-8"?>
<response>
<error>0</error>
</response>
'''

        if not g_blog.allow_trackback:
            self.response.out.write(error % "Trackback denied.")
            return
        self.response.headers['Content-Type'] = "text/xml"
        if postid:
            entries = Entry.all().filter("published =", True).filter('post_id =', postid).fetch(1)
        else:
            slug=urldecode(slug)
            entries = Entry.all().filter("published =", True).filter('link =', slug).fetch(1)

        if not entries or len(entries) == 0 :#or  (postid and not entries[0].link.endswith(g_blog.default_link_format%{'post_id':postid})):
            self.response.out.write(error % "empty slug/postid")
            return
        #check code ,rejest spam
        entry=entries[0]
        logging.info(self.request.remote_addr+self.request.path+" "+entry.trackbackurl)
        #key=self.param("code")
        #if (self.request.uri!=entry.trackbackurl) or entry.is_external_page or not entry.allow_trackback:
        #import cgi
        from urlparse import urlparse
        param=urlparse(self.request.uri)
        code=param[4]
        param=cgi.parse_qs(code)
        if param.has_key('code'):
            code=param['code'][0]

        if  (not str(entry.key())==code) or entry.is_external_page or not entry.allow_trackback:
            self.response.out.write(error % "Invalid trackback url.")
            return


        coming_url = self.param('url')
        blog_name = myfilter.do_filter(self.param('blog_name'))
        excerpt = myfilter.do_filter(self.param('excerpt'))
        title = myfilter.do_filter(self.param('title'))

        if not coming_url or not blog_name or not excerpt or not title:
            self.response.out.write(error % "not enough post info")
            return

        import time
        #wait for half second in case otherside hasn't been published
        time.sleep(0.5)

##		#also checking the coming url is valid and contains our link
##		#this is not standard trackback behavior
##		try:
##
##			result = urlfetch.fetch(coming_url)
##			if result.status_code != 200 :
##				#or ((g_blog.baseurl + '/' + slug) not in result.content.decode('ascii','ignore')):
##				self.response.out.write(error % "probably spam")
##				return
##		except Exception, e:
##			logging.info("urlfetch error")
##			self.response.out.write(error % "urlfetch error")
##			return

        comment = Comment.all().filter("entry =", entry).filter("weburl =", coming_url).get()
        if comment:
            self.response.out.write(error % "has pinged before")
            return

        comment=Comment(author=blog_name,
                content="...<strong>"+title[:250]+"</strong> " +
                        excerpt[:250] + '...',
                weburl=coming_url,
                entry=entry)

        comment.ip=self.request.remote_addr
        comment.ctype=COMMENT_TRACKBACK
        try:
            comment.save()

            memcache.delete("/"+entry.link)
            self.write(success)
            g_blog.tigger_action("pingback_post",comment)
        except:
            self.response.out.write(error % "unknow error")