blinkster: comparison web/lib/django/contrib/comments/views/comments.py

equal deleted inserted replaced

-:b758351d191f
+:cc9b7e14412b
 from django import http
 from django.conf import settings
 from utils import next_redirect, confirmation_view
-from django.core.exceptions import ObjectDoesNotExist
+from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.db import models
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.template.loader import render_to_string
 from django.utils.html import escape
 from django.views.decorators.http import require_POST
 from django.contrib import comments
 from django.contrib.comments import signals
+from django.views.decorators.csrf import csrf_protect
 class CommentPostBadRequest(http.HttpResponseBadRequest):
 """
 Response returned when a comment post is invalid. If ``DEBUG`` is on a
 nice-ish error message will be displayed (for debugging purposes), but in
 def __init__(self, why):
 super(CommentPostBadRequest, self).__init__()
 if settings.DEBUG:
 self.content = render_to_string("comments/400-debug.html", {"why": why})
-def post_comment(request, next=None):
+@csrf_protect
+@require_POST
+def post_comment(request, next=None, using=None):
 """
 Post a comment.
 HTTP POST is required. If ``POST['submit'] == "preview"`` or if there are
 errors a preview template, ``comments/preview.html``, will be rendered.
 object_pk = data.get("object_pk")
 if ctype is None or object_pk is None:
 return CommentPostBadRequest("Missing content_type or object_pk field.")
 try:
 model = models.get_model(*ctype.split(".", 1))
-target = model._default_manager.get(pk=object_pk)
+target = model._default_manager.using(using).get(pk=object_pk)
 except TypeError:
 return CommentPostBadRequest(
 "Invalid content_type value: %r" % escape(ctype))
 except AttributeError:
 return CommentPostBadRequest(
 escape(ctype))
 except ObjectDoesNotExist:
 return CommentPostBadRequest(
 "No object matching content-type %r and object PK %r exists." % \
 (escape(ctype), escape(object_pk)))
+except (ValueError, ValidationError), e:
+return CommentPostBadRequest(
+"Attempting go get content-type %r and object PK %r exists raised %s" % \
+(escape(ctype), escape(object_pk), e.__class__.__name__))
 # Do we want to preview the comment?
 preview = "preview" in data
 # Construct the comment form
 escape(str(form.security_errors())))
 # If there are errors or if we requested a preview show the comment
 if form.errors or preview:
 template_list = [
-"comments/%s_%s_preview.html" % tuple(str(model._meta).split(".")),
+# These first two exist for purely historical reasons.
+# Django v1.0 and v1.1 allowed the underscore format for
+# preview templates, so we have to preserve that format.
+"comments/%s_%s_preview.html" % (model._meta.app_label, model._meta.module_name),
 "comments/%s_preview.html" % model._meta.app_label,
+# Now the usual directory based template heirarchy.
+"comments/%s/%s/preview.html" % (model._meta.app_label, model._meta.module_name),
+"comments/%s/preview.html" % model._meta.app_label,
 "comments/preview.html",
 ]
 return render_to_response(
 template_list, {
 "comment" : form.data.get("comment", ""),
 request = request
 )
 return next_redirect(data, next, comment_done, c=comment._get_pk_val())
-post_comment = require_POST(post_comment)
 comment_done = confirmation_view(
 template = "comments/posted.html",
 doc = """Display a "comment was posted" success page."""
 )

changeset 29	cc9b7e14412b
parent 0	0d40e90630ef