Fixes OSQA 446 "Security - Multiple cross site scripting (XSS) vulnerabilities".
1 import os
2 from itertools import groupby
3 from django.shortcuts import render_to_response, get_object_or_404
4 from django.core.urlresolvers import reverse
5 from django.template import RequestContext, loader
6 from django.http import HttpResponseRedirect, HttpResponse, Http404
7 from django.views.static import serve
8 from forum import settings
9 from forum.modules import decorate
10 from forum.views.decorators import login_required
11 from forum.forms import FeedbackForm
12 from django.core.urlresolvers import reverse
13 from django.utils.translation import ugettext as _
14 from django.db.models import Count
15 from forum.forms import get_next_url
16 from forum.models import Badge, Award, User, Page
17 from forum.badges.base import BadgesMeta
18 from forum import settings
19 from forum.utils.mail import send_template_email
20 from django.utils.safestring import mark_safe
21 from forum.templatetags.extra_filters import or_preview
22 import decorators
23 import re
24
def favicon(request):
    """Redirect the browser to the favicon configured in ``settings.APP_FAVICON``."""
    location = str(settings.APP_FAVICON)
    return HttpResponseRedirect(location)
27
def custom_css(request):
    """Serve the site's custom stylesheet as ``text/css``.

    ``settings.CUSTOM_CSS`` is passed through ``or_preview`` first; judging by
    its name that substitutes a settings preview in progress for this request
    (defined in ``forum.templatetags.extra_filters`` -- confirm there).
    """
    stylesheet = or_preview(settings.CUSTOM_CSS, request)
    return HttpResponse(stylesheet, mimetype="text/css")
30
def static(request, title, content):
    """Render ``static.html`` with the given ``title`` and ``content``."""
    context = {'content': content, 'title': title}
    return render_to_response('static.html', context,
                              context_instance=RequestContext(request))
34
def media(request, skin, path):
    """Serve a skin media file from ``<forum package>/skins/<skin>/media/<path>``.

    The skins directory is resolved relative to this module (two directory
    levels up) and backslashes are normalised for Windows installs. Both
    ``skin`` and ``path`` come from the URL; they are only joined here, so
    normalisation of the relative path and rejection of traversal components
    is left to ``django.views.static.serve`` -- verify that the Django
    version in use does this before relying on it.
    """
    views_dir = os.path.dirname(__file__)
    skins_root = os.path.join(os.path.dirname(views_dir), 'skins').replace('\\', '/')
    relative_path = "%s/media/%s" % (skin, path)
    return serve(request, relative_path, document_root=skins_root)
38
def markdown_help(request):
    """Render the static Markdown syntax help page."""
    context = RequestContext(request)
    return render_to_response('markdown_help.html', context_instance=context)
41
42
def opensearch(request):
    """Render the OpenSearch description document, exposing ``settings`` to the template."""
    context = RequestContext(request)
    return render_to_response('opensearch.html', {'settings': settings},
                              context_instance=context)
45
46
def feedback(request):
    """Show the site feedback form and e-mail valid submissions to superusers.

    On a valid POST the message, the sender's name and e-mail and the remote
    address are rendered through ``notifications/feedback.html`` and sent to
    every superuser; a thank-you message is queued on the user and the user
    is redirected to the ``next`` URL. A GET, or an invalid POST, renders
    ``feedback.html`` with the (possibly bound) form.
    """
    if request.method != "POST":
        form = FeedbackForm(request.user, initial={'next': get_next_url(request)})
        return render_to_response('feedback.html', {'form': form},
                                  context_instance=RequestContext(request))

    form = FeedbackForm(request.user, data=request.POST)
    if form.is_valid():
        user = request.user
        authenticated = user.is_authenticated()
        # Stored account details win for logged-in users; an empty stored
        # value (or an anonymous user) falls through to what the form holds.
        email = (user.email if authenticated else None) or form.cleaned_data.get('email', None)
        name = (user.username if authenticated else None) or form.cleaned_data.get('name', None)
        context = {
            'user': user,
            'email': email,
            'message': form.cleaned_data['message'],
            'name': name,
            # Immediate peer address; behind a reverse proxy this is the
            # proxy, not the client -- no forwarded-header handling here.
            'ip': request.META['REMOTE_ADDR'],
        }

        superusers = User.objects.filter(is_superuser=True)
        send_template_email(superusers, "notifications/feedback.html", context)

        # NOTE(review): called for anonymous senders too; assumes the
        # project's anonymous user object provides ``message_set`` -- confirm.
        user.message_set.create(message=_('Thanks for the feedback!'))
        return HttpResponseRedirect(get_next_url(request))

    return render_to_response('feedback.html', {'form': form},
                              context_instance=RequestContext(request))
69
# Attribute read elsewhere in the project (presumably when a user cancels the
# feedback form -- the reader is not in this file).
feedback.CANCEL_MESSAGE = _('We look forward to hearing your feedback! Please, give it next time :)')
71
def privacy(request):
    """Render the static privacy policy page."""
    context = RequestContext(request)
    return render_to_response('privacy.html', context_instance=context)
74
@decorate.withfn(login_required)
def logout(request):
    """Render the logout confirmation page, carrying the ``next`` URL through.

    Only reachable by authenticated users (``login_required``).
    """
    context = {'next': get_next_url(request)}
    return render_to_response('logout.html', context,
                              context_instance=RequestContext(request))
80
@decorators.render('badges.html', 'badges', _('badges'), weight=300)
def badges(request):
    """List every registered badge, sorted by name, plus the current user's badges.

    Returns a template context with ``badges`` (the ``ondb`` object of each
    registered badge class, alphabetical by ``name``) and ``mybadges`` (the
    distinct ``badge_id`` values awarded to the requesting user; an empty list
    for anonymous users).
    """
    # Sorting on the name key orders exactly like the old cmp() on names.
    registered = sorted(BadgesMeta.by_id.values(), key=lambda b: b.name)
    badge_list = [b.ondb for b in registered]

    my_badges = []
    if request.user.is_authenticated():
        my_badges = Award.objects.filter(user=request.user).values('badge_id').distinct()

    return {
        'badges': badge_list,
        'mybadges': my_badges,
    }
94
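def badge(request, id, slug):
    """Show one badge and the users it was awarded to, most awards first.

    Args:
        id: primary key of the badge.
        slug: human-readable URL slug; not used for the lookup.

    Raises:
        Http404: no badge with this id exists. The original looked the badge
            up with ``Badge.objects.get``, so a bad id escaped as an uncaught
            ``DoesNotExist`` (a server error) instead of a 404;
            ``get_object_or_404`` was imported but unused.
    """
    badge_obj = get_object_or_404(Badge, id=id)
    # Ordered by user first so groupby() sees each user's awards contiguously.
    all_awards = list(Award.objects.filter(badge=badge_obj).order_by('user', 'awarded_at'))
    award_count = len(all_awards)

    per_user = [dict(count=len(list(group)), user=user)
                for user, group in groupby(all_awards, lambda a: a.user)]
    # Negated key reproduces the old descending cmp() sort; equal counts keep
    # their user order (stable sort).
    per_user.sort(key=lambda entry: -entry['count'])

    return render_to_response('badge.html', {
        'award_count': award_count,
        'awards': per_user,
        'badge': badge_obj,
    }, context_instance=RequestContext(request))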
108
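def _registered_page_or_404(request, path):
    """Return the ``Page`` registered under ``path`` or raise ``Http404``.

    ``settings.STATIC_PAGE_REGISTRY`` maps a URL path to a page id. Unpublished
    pages are only visible to superusers.
    """
    if path not in settings.STATIC_PAGE_REGISTRY:
        raise Http404
    try:
        page_obj = Page.objects.get(id=settings.STATIC_PAGE_REGISTRY[path])
    except Page.DoesNotExist:
        # Narrowed from a bare ``except:`` that turned every failure -- database
        # errors, bad registry values, even KeyboardInterrupt -- into a 404.
        # Only a genuinely missing page is "not found"; anything else surfaces.
        raise Http404
    if not page_obj.published and not request.user.is_superuser:
        raise Http404
    return page_obj


def page(request, path):
    """Render a stored static page registered under ``path``.

    ``page.extra`` (dict-like) drives rendering:

    * ``template``: ``'default'`` uses ``base_content.html``; ``'sidebar'``
      uses ``base.html`` and also renders ``extra['sidebar']``; any other
      value returns the raw body with ``extra['mimetype']`` (default
      ``text/html``) and no template or escaping at all.
    * ``render``: ``'markdown'`` (default) or ``'html'``. ``'html'`` passes the
      stored body -- and the sidebar, for the ``'sidebar'`` template -- through
      ``mark_safe``, so it reaches the browser unescaped. This trusts whoever
      edits ``Page`` rows (presumably superusers, given the publish check --
      confirm); any other ``render`` value leaves the body to template
      auto-escaping.
    * ``sidebar``: sidebar source text, only used with ``'sidebar'``.

    Raises:
        Http404: unknown path, missing page, or an unpublished page requested
            by a non-superuser.
    """
    page_obj = _registered_page_or_404(request, path)
    extra = page_obj.extra

    template = extra.get('template', 'default')
    sidebar = extra.get('sidebar', '')
    # One ``render`` key governs both the sidebar and the main body.
    render_mode = extra.get('render', 'markdown')

    if template == 'default':
        base = 'base_content.html'
    elif template == 'sidebar':
        base = 'base.html'
        if render_mode == 'markdown':
            sidebar = page_obj._as_markdown(sidebar)
        elif render_mode == 'html':
            sidebar = mark_safe(sidebar)
    else:
        # Raw delivery: the stored body is the whole response.
        return HttpResponse(page_obj.body, mimetype=extra.get('mimetype', 'text/html'))

    if render_mode == 'markdown':
        body = page_obj.as_markdown()
    elif render_mode == 'html':
        body = mark_safe(page_obj.body)
    else:
        body = page_obj.body

    return render_to_response('page.html', {
        'page': page_obj,
        'body': body,
        'sidebar': sidebar,
        'base': base,
    }, context_instance=RequestContext(request))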
154
155