Ticket #8968: fix_8968_v4.patch

File fix_8968_v4.patch, 10.7 KB (added by kkubasik, 6 years ago)

Docs, Tests and Code.

  • new file .gitignore

    diff --git a/.gitignore b/.gitignore
    new file mode 100644
    index 0000000..0d20b64
    - +  
     1*.pyc
  • django/contrib/comments/views/moderation.py

    diff --git a/django/contrib/comments/views/moderation.py b/django/contrib/comments/views/moderation.py
    index 3334b09..13e08ff 100644
    a b def flag(request, comment_id, next=None): 
    3434            created = created,
    3535            request = request,
    3636        )
    37         return next_redirect(request.POST.copy(), next, flag_done, c=comment.pk)
     37        if request.POST.has_key('next'):
     38            next = request.POST.get('next')
     39        elif request.GET.has_key('next'):
     40            next = request.GET.get('next')
     41        return next_redirect(request.POST.copy(),next, flag_done, c=comment.pk)
    3842
    3943    # Render a form on GET
    4044    else:
     45        next = request.GET.get('next',next)
    4146        return render_to_response('comments/flag.html',
    4247            {'comment': comment, "next": next},
    4348            template.RequestContext(request)
    def delete(request, comment_id, next=None): 
    7479            created = created,
    7580            request = request,
    7681        )
     82        if request.POST.has_key('next'):
     83            next = request.POST.get('next')
     84        elif request.GET.has_key('next'):
     85            next = request.GET.get('next')
    7786        return next_redirect(request.POST.copy(), next, delete_done, c=comment.pk)
    7887
    7988    # Render a form on GET
    8089    else:
     90        next = request.GET.get('next',next)
    8191        return render_to_response('comments/delete.html',
    8292            {'comment': comment, "next": next},
    8393            template.RequestContext(request)
    def approve(request, comment_id, next=None): 
    117127            created = created,
    118128            request = request,
    119129        )
     130        if request.POST.has_key('next'):
     131            next = request.POST.get('next')
     132        elif request.GET.has_key('next'):
     133            next = request.GET.get('next')
    120134        return next_redirect(request.POST.copy(), next, approve_done, c=comment.pk)
    121135
    122136    # Render a form on GET
    123137    else:
     138        next = request.GET.get('next',next)
    124139        return render_to_response('comments/approve.html',
    125140            {'comment': comment, "next": next},
    126141            template.RequestContext(request)
  • docs/ref/contrib/comments/index.txt

    diff --git a/docs/ref/contrib/comments/index.txt b/docs/ref/contrib/comments/index.txt
    index f6e1553..4bfedcd 100644
    a b Quick start guide 
    2424
    2525To get started using the ``comments`` app, follow these steps:
    2626
    27     #. Install the comments framework by adding ``'django.contrib.comments'`` to   
     27    #. Install the comments framework by adding ``'django.contrib.comments'`` to
    2828       :setting:`INSTALLED_APPS`.
    2929
    3030    #. Run ``manage.py syncdb`` so that Django will create the comment tables.
    3131
    3232    #. Add the comment app's URLs to your project's ``urls.py``:
    33    
     33
    3434       .. code-block:: python
    3535
    3636            urlpatterns = patterns('',
    To get started using the ``comments`` app, follow these steps: 
    4141
    4242    #. Use the `comment template tags`_ below to embed comments in your
    4343       templates.
    44    
     44
    4545You might also want to examine :ref:`ref-contrib-comments-settings`.
    46    
     46
    4747Comment template tags
    4848=====================
    4949
    different ways you can specify which object to attach to: 
    6767    #. Refer to the object directly -- the more common method. Most of the
    6868       time, you'll have some object in the template's context you want
    6969       to attach the comment to; you can simply use that object.
    70        
    71        For example, in a blog entry page that has a variable named ``entry``, 
     70
     71       For example, in a blog entry page that has a variable named ``entry``,
    7272       you could use the following to load the number of comments::
    73        
     73
    7474            {% get_comment_count for entry as comment_count %}.
    75            
     75
    7676    #. Refer to the object by content-type and object id. You'd use this method
    7777       if you, for some reason, don't actually have direct access to the object.
    78        
     78
    7979       Following the above example, if you knew the object ID was ``14`` but
    8080       didn't have access to the actual object, you could do something like::
    81        
     81
    8282            {% get_comment_count for blog.entry 14 as comment_count %}
    83            
     83
    8484       In the above, ``blog.entry`` is the app label and (lower-cased) model
    8585       name of the model class.
    8686
    For example:: 
    9999    {% for comment in comment_list %}
    100100        ...
    101101    {% endfor %}
    102    
     102
    103103This returns a list of :class:`~django.contrib.comments.models.Comment` objects;
    104104see :ref:`the comment model documentation <ref-contrib-comments-models>` for
    105105details.
    To count comments attached to an object, use :ttag:`get_comment_count`:: 
    116116For example::
    117117
    118118        {% get_comment_count for event as comment_count %}
    119        
     119
    120120        <p>This event has {{ comment_count }} comments.</p>
    121        
     121
    122122
    123123Displaying the comment post form
    124124--------------------------------
    If you want more control over the look and feel of the comment form, you use use 
    153153you can use in the template::
    154154
    155155    {% get_comment_form for [object] as [varname] %}
    156    
     156
    157157A complete form might look like::
    158158
    159159    {% get_comment_form for event as form %}
    A complete form might look like:: 
    164164        <td><input type="submit" name="preview" class="submit-post" value="Preview"></td>
    165165      </tr>
    166166    </form>
    167    
     167
    168168Be sure to read the `notes on the comment form`_, below, for some special
    169169considerations you'll need to make if you're using this approach.
    170170
    Redirecting after the comment post 
    185185
    186186To specify the URL you want to redirect to after the comment has been posted,
    187187you can include a hidden form input called ``next`` in your comment form. For example::
    188  
     188
    189189    <input type="hidden" name="next" value="{% url my_comment_was_posted %}" />
    190190
     191The ``next`` parameter can be passed into the comment system in a variety of ways,
     192but POST will always be preferred over GET and the named parameter is always overridden.
     193
     194A ``next`` parameter can be specified in ``urls.py`` with the following line::
     195
     196    (r'^flag/(\d+)/$', flag, {'next': '/I/am/done/'})
     197
    191198.. _notes-on-the-comment-form:
    192199
    193200Notes on the comment form
    should know about: 
    198205
    199206    * It contains a number of hidden fields that contain timestamps, information
    200207      about the object the comment should be attached to, and a "security hash"
    201       used to validate this information. If someone tampers with this data -- 
     208      used to validate this information. If someone tampers with this data --
    202209      something comment spammers will try -- the comment submission will fail.
    203      
     210
    204211      If you're rendering a custom comment form, you'll need to make sure to
    205212      pass these values through unchanged.
    206      
     213
    207214    * The timestamp is used to ensure that "reply attacks" can't continue very
    208215      long. Users who wait too long between requesting the form and posting a
    209216      comment will have their submissions refused.
    210      
     217
    211218    * The comment form includes a "honeypot_" field. It's a trap: if any data is
    212219      entered in that field, the comment will be considered spam (spammers often
    213220      automatically fill in all fields in an attempt to make valid submissions).
    214      
     221
    215222      The default form hides this field with a piece of CSS and further labels
    216223      it with a warning field; if you use the comment form with a custom
    217224      template you should be sure to do the same.
    218    
     225
    219226.. _honeypot: http://en.wikipedia.org/wiki/Honeypot_(computing)
    220227
    221228More information
  • tests/regressiontests/comment_tests/tests/moderation_view_tests.py

    diff --git a/tests/regressiontests/comment_tests/tests/moderation_view_tests.py b/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
    index b9eadd7..c79c006 100644
    a b from django.contrib.auth.models import User, Permission 
    33from django.contrib.contenttypes.models import ContentType
    44from regressiontests.comment_tests.tests import CommentTestCase
    55from django.contrib.comments import signals
    6 
     6from django.contrib.comments.views.moderation import delete
     7import re
    78class FlagViewTests(CommentTestCase):
    89
    910    def testFlagGet(self):
    class DeleteViewTests(CommentTestCase): 
    9293        self.client.login(username="normaluser", password="normaluser")
    9394        response = self.client.post("/delete/%d/" % pk)
    9495        self.assertEqual(response["Location"], "http://testserver/deleted/?c=%d" % pk)
     96       
     97        response = self.client.post("/delete/%d/" % pk,{"next":"/somewhere/else/"})
     98        location = response["Location"]       
     99        match = re.search(r"^http://testserver/somewhere/else/\?c=\d+$", location)
     100        self.failUnless(match != None, "Unexpected redirect location: %s" % location)
    95101        c = Comment.objects.get(pk=pk)
    96102        self.failUnless(c.is_removed)
    97103        self.assertEqual(c.flags.filter(flag=CommentFlag.MODERATOR_DELETION, user__username="normaluser").count(), 1)
    class DeleteViewTests(CommentTestCase): 
    106112
    107113        # Post a comment and check the signals
    108114        self.testDeletePost()
    109         self.assertEqual(received_signals, [signals.comment_was_flagged])
     115        self.assertEqual(received_signals, [signals.comment_was_flagged,signals.comment_was_flagged])
    110116
    111117    def testDeletedView(self):
    112118        comments = self.createSomeComments()
    113119        pk = comments[0].pk       
    114120        response = self.client.get("/deleted/", data={"c":pk})
    115121        self.assertTemplateUsed(response, "comments/deleted.html")
     122       
     123    def testDeletedViewNextGet(self):
     124        comments = self.createSomeComments()
     125        pk = comments[0].pk       
     126        makeModerator("normaluser")
     127        self.client.login(username="normaluser", password="normaluser")
     128        response = self.client.get("/delete/%d/" % pk, data={"next":"/somewhere/else"})
     129        self.assertEqual(response.context[1]['next'],"/somewhere/else")
     130        self.assertTemplateUsed(response, "comments/delete.html")
     131       
    116132
    117133class ApproveViewTests(CommentTestCase):
    118134
  • tests/regressiontests/comment_tests/urls.py

    diff --git a/tests/regressiontests/comment_tests/urls.py b/tests/regressiontests/comment_tests/urls.py
    index 0058689..c183102 100644
    a b urlpatterns = patterns('regressiontests.comment_tests.custom_comments.views', 
    55    url(r'^flag/(\d+)/$',    'custom_flag_comment'),
    66    url(r'^delete/(\d+)/$',  'custom_delete_comment'),
    77    url(r'^approve/(\d+)/$', 'custom_approve_comment'),
     8   
    89)
    9 
Back to Top