def POST(self,slug=None): useajax=self.param('useajax')=='1' logging.debug('+++++++++++++++++++++++1') name=self.param('author') email=self.param('email') url=self.param('url') key=self.param('key') content=self.param('comment') parent_id=self.paramint('parentid',0) reply_notify_mail=self.parambool('reply_notify_mail') sess=Session(self,timeout=180) if not self.is_login: #if not (self.request.cookies.get('comment_user', '')): #try: if 1: check_ret=True if self.blog.comment_check_type in (1,2) : checkret=self.param('checkret') check_ret=(int(checkret) == sess['code']) elif self.blog.comment_check_type ==3: import app.gbtools as gb checknum=self.param('checknum') checkret=self.param('checkret') check_ret=eval(checknum)==int(gb.stringQ2B( checkret)) if not check_ret: if useajax: self.write(simplejson.dumps((False,-102,_('Your check code is invalid .')),ensure_ascii = False)) else: self.error(-102,_('Your check code is invalid .')) return #except: if 0: if useajax: self.write(simplejson.dumps((False,-102,_('Your check code is invalid .')),ensure_ascii = False)) else: self.error(-102,_('Your check code is invalid .')) return sess.invalidate() content=content.replace('\n','<br />') content=myfilter.do_filter(content) name=cgi.escape(name)[:20] url=cgi.escape(url)[:100] if not (name and email and content): if useajax: self.write(simplejson.dumps((False,-101,_('Please input name, email and comment .')))) else: self.error(-101,_('Please input name, email and comment .')) else: comment=Comment(author=name, content=content, email=email, reply_notify_mail=reply_notify_mail, entry=Entry.get(key)) if url: try: if not url.lower().startswith(('http://','https://')): url = 'http://' + url comment.weburl=url except: comment.weburl=None #name=name.decode('utf8').encode('gb2312') info_str='#@#'.join([urlencode(name),urlencode(email),urlencode(url)]) #info_str='#@#'.join([name,email,url.encode('utf8')]) cookiestr='comment_user=%s;expires=%s;path=/;'%( info_str, (datetime.now()+timedelta(days=100)).strftime("%a, %d-%b-%Y %H:%M:%S GMT") ) comment.ip=self.request.remote_addr if parent_id: comment.parent=Comment.get_by_id(parent_id) comment.no=comment.entry.commentcount+1 #try: if 1: comment.save() memcache.delete("/"+comment.entry.link) self.response.headers.add_header( 'Set-Cookie', cookiestr) if useajax: comment_c=self.get_render('comment',{'comment':comment}) self.write(simplejson.dumps((True,comment_c.decode('utf8')),ensure_ascii = False)) else: self.redirect(self.referer+"#comment-"+str(comment.key().id())) comment.entry.removecache() memcache.delete("/feed/comments") #except: if 0: if useajax: self.write(simplejson.dumps((False,-102,_('Comment not allowed.')))) else: self.error(-102,_('Comment not allowed .'))
def POST(self,slug=None,postid=None): '''handle trackback''' error = '''<?xml version="1.0" encoding="utf-8"?> <response> <error>1</error> <message>%s</message> </response> ''' success = '''<?xml version="1.0" encoding="utf-8"?> <response> <error>0</error> </response> ''' if not self.blog.allow_trackback: self.response.out.write(error % "Trackback denied.") return self.response.headers['Content-Type'] = "text/xml" if postid: entries = Entry.all().filter(published = True).filter(post_id = postid)[0:1]#.fetch(1) else: slug=urldecode(slug) entries = Entry.all().filter(published = True).filter(link = slug)[0:1]#.fetch(1) if not entries or len(entries) == 0 :#or (postid and not entries[0].link.endswith(self.blog.default_link_format%{'post_id':postid})): self.response.out.write(error % "empty slug/postid") return #check code ,rejest spam entry=entries[0] logging.info(self.request.remote_addr+self.request.path+" "+entry.trackbackurl) #key=self.param("code") #if (self.request.uri!=entry.trackbackurl) or entry.is_external_page or not entry.allow_trackback: #import cgi from urlparse import urlparse param=urlparse(self.request.uri) code=param[4] param=cgi.parse_qs(code) if param.has_key('code'): code=param['code'][0] if (not str(entry.key())==code) or entry.is_external_page or not entry.allow_trackback: self.response.out.write(error % "Invalid trackback url.") return coming_url = self.param('url') blog_name = myfilter.do_filter(self.param('blog_name')) excerpt = myfilter.do_filter(self.param('excerpt')) title = myfilter.do_filter(self.param('title')) if not coming_url or not blog_name or not excerpt or not title: self.response.out.write(error % "not enough post info") return import time #wait for half second in case otherside hasn't been published time.sleep(0.5) ## #also checking the coming url is valid and contains our link ## #this is not standard trackback behavior ## try: ## ## result = urlfetch.fetch(coming_url) ## if result.status_code != 200 : ## #or ((self.blog.baseurl + '/' + slug) not in result.content.decode('ascii','ignore')): ## self.response.out.write(error % "probably spam") ## return ## except Exception, e: ## logging.info("urlfetch error") ## self.response.out.write(error % "urlfetch error") ## return comment = Comment.all().filter(entry = entry).filter(weburl = coming_url).get() if comment: self.response.out.write(error % "has pinged before") return comment=Comment(author=blog_name, content="...<strong>"+title[:250]+"</strong> " + excerpt[:250] + '...', weburl=coming_url, entry=entry) comment.ip=self.request.remote_addr comment.ctype=COMMENT_TRACKBACK try: comment.save() memcache.delete("/"+entry.link) self.write(success) self.blog.tigger_action("pingback_post",comment) except: self.response.out.write(error % "unknow error")