Fixing bug 482 in a way that escapes all parameters passed from the URL.
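--- a/forum/views/meta.py
+++ b/forum/views/meta.py
@@ -6,6 +6,8 @@ from django.template import RequestContext, loader
 from django.http import HttpResponseRedirect, HttpResponse, Http404
 from django.views.static import serve
 from forum import settings
+from forum.modules import decorate
+from forum.views.decorators import login_required
 from forum.forms import FeedbackForm
 from django.core.urlresolvers import reverse
 from django.utils.translation import ugettext as _
@@ -17,6 +19,7 @@ from forum import settings
 from forum.utils.mail import send_template_email
 from django.utils.safestring import mark_safe
 from forum.templatetags.extra_filters import or_preview
+import decorators
 import re
 
 def favicon(request):
@@ -43,15 +46,15 @@ def opensearch(request):
 
 def feedback(request):
     if request.method == "POST":
-        form = FeedbackForm(request.POST)
+        form = FeedbackForm(request.user, data=request.POST)
         if form.is_valid():
-            context = {'user': request.user}
-
-            if not request.user.is_authenticated:
-                context['email'] = form.cleaned_data.get('email', None)
-            context['message'] = form.cleaned_data['message']
-            context['name'] = form.cleaned_data.get('name', None)
-            context['ip'] = request.META['REMOTE_ADDR']
+            context = {
+                 'user': request.user,
+                 'email': request.user.is_authenticated() and request.user.email or form.cleaned_data.get('email', None),
+                 'message': form.cleaned_data['message'],
+                 'name': request.user.is_authenticated() and request.user.username or form.cleaned_data.get('name', None),
+                 'ip': request.META['REMOTE_ADDR'],
+            }
 
             recipients = User.objects.filter(is_superuser=True)
             send_template_email(recipients, "notifications/feedback.html", context)
@@ -60,7 +63,7 @@ def feedback(request):
             request.user.message_set.create(message=msg)
             return HttpResponseRedirect(get_next_url(request))
     else:
-        form = FeedbackForm(initial={'next':get_next_url(request)})
+        form = FeedbackForm(request.user, initial={'next':get_next_url(request)})
 
     return render_to_response('feedback.html', {'form': form}, context_instance=RequestContext(request))
 
@@ -69,11 +72,13 @@ feedback.CANCEL_MESSAGE=_('We look forward to hearing your feedback! Please, giv
 def privacy(request):
     return render_to_response('privacy.html', context_instance=RequestContext(request))
 
+@decorate.withfn(login_required)
 def logout(request):
     return render_to_response('logout.html', {
     'next' : get_next_url(request),
     }, context_instance=RequestContext(request))
 
+@decorators.render('badges.html', 'badges', _('badges'), weight=300)
 def badges(request):
     badges = [b.ondb for b in sorted(BadgesMeta.by_id.values(), lambda b1, b2: cmp(b1.name, b2.name))]
 
@@ -82,10 +87,10 @@ def badges(request):
     else:
         my_badges = []
 
-    return render_to_response('badges.html', {
-    'badges' : badges,
-    'mybadges' : my_badges,
-    }, context_instance=RequestContext(request))
+    return {
+        'badges' : badges,
+        'mybadges' : my_badges,
+    }
 
 def badge(request, id, slug):
     badge = Badge.objects.get(id=id)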
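Review bot: The `'email'` and `'name'` entries of the new context dict in `feedback` (third hunk) use the `cond and a or b` idiom, so an authenticated user whose `email` (or `username`) is an empty string falls through to the form-supplied value, and the notification mailed to superusers would then carry a caller-chosen address attributed to an authenticated account. A conditional expression keeps the fallback strictly for anonymous users: `'email': request.user.email if request.user.is_authenticated() else form.cleaned_data.get('email', None),` and likewise `'name': request.user.username if request.user.is_authenticated() else form.cleaned_data.get('name', None),`. The rewrite also turns the removed code's bare `request.user.is_authenticated` attribute test into a call; that is a behaviour change worth a one-line comment such as `# is_authenticated is a method, so it must be called to test the user`. feedback's body continues outside the hunk.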