]> git.openstreetmap.org Git - osqa.git/blobdiff - forum/forms/qanda.py
Prevent XSS attacks with wmd using the google-caja html sanitizer.
[osqa.git] / forum / forms / qanda.py
index d54eabb7cdeed00baf2e9490378170ed62deff00..e356f0744655e1cb483035462145f235ed21add1 100644 (file)
@@ -3,24 +3,30 @@ from datetime import date
 from django import forms
 from forum.models import *
 from django.utils.translation import ugettext as _
-from django.contrib.humanize.templatetags.humanize import apnumber
 
-from django.utils.safestring import mark_safe
-from general import NextUrlField, UserNameField, SetPasswordForm
+from django.utils.encoding import smart_unicode
+from general import NextUrlField, UserNameField
+
 from forum import settings
+
+from forum.modules import call_all_handlers
+
 import logging
 
 class TitleField(forms.CharField):
     def __init__(self, *args, **kwargs):
         super(TitleField, self).__init__(*args, **kwargs)
+
         self.required = True
-        self.widget = forms.TextInput(attrs={'size' : 70, 'autocomplete' : 'off'})
         self.max_length = 255
+        self.widget = forms.TextInput(attrs={'size' : 70, 'autocomplete' : 'off', 'maxlength' : self.max_length})
         self.label  = _('title')
         self.help_text = _('please enter a descriptive title for your question')
         self.initial = ''
 
     def clean(self, value):
+        super(TitleField, self).clean(value)
+
         if len(value) < settings.FORM_MIN_QUESTION_TITLE:
             raise forms.ValidationError(_('title must be must be at least %s characters') % settings.FORM_MIN_QUESTION_TITLE)
 
@@ -29,6 +35,7 @@ class TitleField(forms.CharField):
 class EditorField(forms.CharField):
     def __init__(self, *args, **kwargs):
         super(EditorField, self).__init__(*args, **kwargs)
+
         self.widget = forms.Textarea(attrs={'id':'editor'})
         self.label  = _('content')
         self.help_text = u''
@@ -42,7 +49,9 @@ class QuestionEditorField(EditorField):
 
 
     def clean(self, value):
-        if self.required and (len(re.sub('[ ]{2,}', ' ', value)) < settings.FORM_MIN_QUESTION_BODY):
+        super(QuestionEditorField, self).clean(value)
+
+        if not bool(settings.FORM_EMPTY_QUESTION_BODY) and (len(re.sub('[ ]{2,}', ' ', value)) < settings.FORM_MIN_QUESTION_BODY):
             raise forms.ValidationError(_('question content must be at least %s characters') % settings.FORM_MIN_QUESTION_BODY)
 
         return value
@@ -53,6 +62,8 @@ class AnswerEditorField(EditorField):
         self.required = True
 
     def clean(self, value):
+        super(AnswerEditorField, self).clean(value)
+
         if len(re.sub('[ ]{2,}', ' ', value)) < settings.FORM_MIN_QUESTION_BODY:
             raise forms.ValidationError(_('answer content must be at least %s characters') % settings.FORM_MIN_QUESTION_BODY)
 
@@ -62,6 +73,7 @@ class AnswerEditorField(EditorField):
 class TagNamesField(forms.CharField):
     def __init__(self, user=None, *args, **kwargs):
         super(TagNamesField, self).__init__(*args, **kwargs)
+
         self.required = True
         self.widget = forms.TextInput(attrs={'size' : 50, 'autocomplete' : 'off'})
         self.max_length = 255
@@ -74,6 +86,8 @@ class TagNamesField(forms.CharField):
         self.user = user
 
     def clean(self, value):
+        super(TagNamesField, self).clean(value)
+
         value = super(TagNamesField, self).clean(value)
         data = value.strip().lower()
 
@@ -86,12 +100,12 @@ class TagNamesField(forms.CharField):
             raise forms.ValidationError(_('please use between %(min)s and %(max)s tags') % { 'min': settings.FORM_MIN_NUMBER_OF_TAGS, 'max': settings.FORM_MAX_NUMBER_OF_TAGS})
 
         list_temp = []
-        tagname_re = re.compile(r'^[\w+\.-]+$', re.UNICODE)
+        tagname_re = re.compile(r'^[\w+#\.-]+$', re.UNICODE)
         for key,tag in list.items():
             if len(tag) > settings.FORM_MAX_LENGTH_OF_TAG or len(tag) < settings.FORM_MIN_LENGTH_OF_TAG:
                 raise forms.ValidationError(_('please use between %(min)s and %(max)s characters in you tags') % { 'min': settings.FORM_MIN_LENGTH_OF_TAG, 'max': settings.FORM_MAX_LENGTH_OF_TAG})
             if not tagname_re.match(tag):
-                raise forms.ValidationError(_('please use following characters in tags: letters , numbers, and characters \'.-_\''))
+                raise forms.ValidationError(_('please use following characters in tags: letters , numbers, and characters \'.#-_\''))
             # only keep one same tag
             if tag not in list_temp and len(tag.strip()) > 0:
                 list_temp.append(tag)
@@ -135,11 +149,28 @@ class SummaryField(forms.CharField):
 
 
 class FeedbackForm(forms.Form):
-    name = forms.CharField(label=_('Your name:'), required=False)
-    email = forms.EmailField(label=_('Email (not shared with anyone):'), required=True)
     message = forms.CharField(label=_('Your message:'), max_length=800,widget=forms.Textarea(attrs={'cols':60}))
     next = NextUrlField()
 
+    def __init__(self, user, *args, **kwargs):
+        super(FeedbackForm, self).__init__(*args, **kwargs)
+        if not user.is_authenticated():
+            self.fields['name'] = forms.CharField(label=_('Your name:'), required=False)
+            self.fields['email'] = forms.EmailField(label=_('Email (not shared with anyone):'), required=True)
+
+        # Create anti spam fields
+        spam_fields = call_all_handlers('create_anti_spam_field')
+        if spam_fields:
+            spam_fields = dict(spam_fields)
+            for name, field in spam_fields.items():
+                self.fields[name] = field
+
+            self._anti_spam_fields = spam_fields.keys()
+        else:
+            self._anti_spam_fields = []
+
+
+
 class AskForm(forms.Form):
     title  = TitleField()
     text   = QuestionEditorField()
@@ -148,6 +179,17 @@ class AskForm(forms.Form):
         super(AskForm, self).__init__(data, *args, **kwargs)
 
         self.fields['tags']   = TagNamesField(user)
+        
+        if int(user.reputation) < settings.CAPTCHA_IF_REP_LESS_THAN and not (user.is_superuser or user.is_staff):
+            spam_fields = call_all_handlers('create_anti_spam_field')
+            if spam_fields:
+                spam_fields = dict(spam_fields)
+                for name, field in spam_fields.items():
+                    self.fields[name] = field
+
+                self._anti_spam_fields = spam_fields.keys()
+            else:
+                self._anti_spam_fields = []
 
         if settings.WIKI_ON:
             self.fields['wiki'] = WikiField()
@@ -156,16 +198,23 @@ class AnswerForm(forms.Form):
     text   = AnswerEditorField()
     wiki   = WikiField()
 
-    def __init__(self, question, *args, **kwargs):
-        super(AnswerForm, self).__init__(*args, **kwargs)
+    def __init__(self, data=None, user=None, *args, **kwargs):
+        super(AnswerForm, self).__init__(data, *args, **kwargs)
+        
+        if int(user.reputation) < settings.CAPTCHA_IF_REP_LESS_THAN and not (user.is_superuser or user.is_staff):
+            spam_fields = call_all_handlers('create_anti_spam_field')
+            if spam_fields:
+                spam_fields = dict(spam_fields)
+                for name, field in spam_fields.items():
+                    self.fields[name] = field
+
+                self._anti_spam_fields = spam_fields.keys()
+            else:
+                self._anti_spam_fields = []
 
         if settings.WIKI_ON:
             self.fields['wiki'] = WikiField()
 
-            if question.nis.wiki:
-                self.fields['wiki'].initial = True
-
-
 class RetagQuestionForm(forms.Form):
     tags   = TagNamesField()
     # initialize the default values
@@ -182,11 +231,11 @@ class RevisionForm(forms.Form):
     def __init__(self, post, *args, **kwargs):
         super(RevisionForm, self).__init__(*args, **kwargs)
 
-        revisions = post.revisions.all().values_list(
-            'revision', 'author__username', 'revised_at', 'summary')
+        revisions = post.revisions.all().values_list('revision', 'author__username', 'revised_at', 'summary').order_by('-revised_at')
+
         date_format = '%c'
         self.fields['revision'].choices = [
-            (r[0], u'%s - %s (%s) %s' % (r[0], r[1], r[2].strftime(date_format), r[3]))
+            (r[0], u'%s - %s (%s) %s' % (r[0], smart_unicode(r[1]), r[2].strftime(date_format), r[3]))
             for r in revisions]
 
         self.fields['revision'].initial = post.active_revision.revision
@@ -208,6 +257,17 @@ class EditQuestionForm(forms.Form):
         self.fields['tags'] = TagNamesField(user)
         self.fields['tags'].initial = revision.tagnames
 
+        if int(user.reputation) < settings.CAPTCHA_IF_REP_LESS_THAN and not (user.is_superuser or user.is_staff):
+            spam_fields = call_all_handlers('create_anti_spam_field')
+            if spam_fields:
+                spam_fields = dict(spam_fields)
+                for name, field in spam_fields.items():
+                    self.fields[name] = field
+
+                self._anti_spam_fields = spam_fields.keys()
+            else:
+                self._anti_spam_fields = []
+
         if settings.WIKI_ON:
             self.fields['wiki'] = WikiField(disabled=(question.nis.wiki and not user.can_cancel_wiki(question)), initial=question.nis.wiki)
 
@@ -223,6 +283,17 @@ class EditAnswerForm(forms.Form):
 
         self.fields['text'].initial = revision.body
 
+        if int(user.reputation) < settings.CAPTCHA_IF_REP_LESS_THAN and not (user.is_superuser or user.is_staff):
+            spam_fields = call_all_handlers('create_anti_spam_field')
+            if spam_fields:
+                spam_fields = dict(spam_fields)
+                for name, field in spam_fields.items():
+                    self.fields[name] = field
+
+                self._anti_spam_fields = spam_fields.keys()
+            else:
+                self._anti_spam_fields = []
+        
         if settings.WIKI_ON:
             self.fields['wiki'] = WikiField(disabled=(answer.nis.wiki and not user.can_cancel_wiki(answer)), initial=answer.nis.wiki)
 
@@ -247,14 +318,13 @@ class EditUserForm(forms.Form):
 
         if user.date_of_birth is not None:
             self.fields['birthday'].initial = user.date_of_birth
-        else:
-            self.fields['birthday'].initial = '1990-01-01'
+
         self.fields['about'].initial = user.about
         self.user = user
 
     def clean_email(self):
         if self.user.email != self.cleaned_data['email']:
-            if settings.EMAIL_UNIQUE == True:
+            if settings.EMAIL_UNIQUE:
                 if 'email' in self.cleaned_data:
                     from forum.models import User
                     try:
@@ -266,30 +336,27 @@ class EditUserForm(forms.Form):
                         
                     raise forms.ValidationError(_('this email has already been registered, please use another one'))
         return self.cleaned_data['email']
+        
 
 NOTIFICATION_CHOICES = (
     ('i', _('Instantly')),
-    ('d', _('Daily')),
-    ('w', _('Weekly')),
+    #('d', _('Daily')),
+    #('w', _('Weekly')),
     ('n', _('No notifications')),
 )
 
-class SubscriptionSettingsForm(forms.Form):
+class SubscriptionSettingsForm(forms.ModelForm):
+    enable_notifications = forms.BooleanField(widget=forms.HiddenInput, required=False)
     member_joins = forms.ChoiceField(widget=forms.RadioSelect, choices=NOTIFICATION_CHOICES)
     new_question = forms.ChoiceField(widget=forms.RadioSelect, choices=NOTIFICATION_CHOICES)
     new_question_watched_tags = forms.ChoiceField(widget=forms.RadioSelect, choices=NOTIFICATION_CHOICES)
     subscribed_questions = forms.ChoiceField(widget=forms.RadioSelect, choices=NOTIFICATION_CHOICES)
 
-    all_questions = forms.BooleanField(required=False, initial=False)
-    all_questions_watched_tags = forms.BooleanField(required=False, initial=False)
-    questions_asked = forms.BooleanField(required=False, initial=False)
-    questions_answered = forms.BooleanField(required=False, initial=False)
-    questions_commented = forms.BooleanField(required=False, initial=False)
-    questions_viewed = forms.BooleanField(required=False, initial=False)
-
-    notify_answers = forms.BooleanField(required=False, initial=False)
-    notify_reply_to_comments = forms.BooleanField(required=False, initial=False)
-    notify_comments_own_post = forms.BooleanField(required=False, initial=False)
-    notify_comments = forms.BooleanField(required=False, initial=False)
-    notify_accepted = forms.BooleanField(required=False, initial=False)
+    class Meta:
+        model = SubscriptionSettings
+
+class UserPreferencesForm(forms.Form):
+    sticky_sorts = forms.BooleanField(required=False, initial=False)
+
+