]> git.llucax.com Git - software/blitiri.git/blobdiff - blitiri.cgi
Be aware of rst parsing errors with no line information
[software/blitiri.git] / blitiri.cgi
index d48b8eb04dd8755ecbf42e2c3946acfa00408604..f9663b554e422404ad3896d27e60bc7e8f8038d9 100755 (executable)
@@ -40,6 +40,34 @@ author = "Hartmut Kegan"
 # Article encoding
 encoding = "utf8"
 
+# Captcha class
+class Captcha (object):
+       def __init__(self, article):
+               self.article = article
+               words = article.title.split()
+               self.nword = hash(article.title) % len(words) % 5
+               self.answer = words[self.nword]
+               self.help = 'gotcha, damn spam bot!'
+
+       def get_puzzle(self):
+               nword = self.nword + 1
+               if nword == 1:
+                       n = '1st'
+               elif nword == 2:
+                       n = '2nd'
+               elif nword == 3:
+                       n = '3rd'
+               else:
+                       n = str(nword) + 'th'
+               return "enter the %s word of the article's title" % n
+       puzzle = property(fget = get_puzzle)
+
+       def validate(self, form_data):
+               if form_data.captcha.lower() == self.answer.lower():
+                       return True
+               return False
+
+
 #
 # End of configuration
 # DO *NOT* EDIT ANYTHING PAST HERE
@@ -57,6 +85,7 @@ import zlib
 import urllib
 import cgi
 from docutils.core import publish_parts
+from docutils.utils import SystemMessage
 
 # Before importing the config, add our cwd to the Python path
 sys.path.append(os.getcwd())
@@ -159,24 +188,32 @@ default_comment_form = """
 <div class="comforminner">
 <form method="%(form_method)s" action="%(form_action)s">
 <div class="comformauthor">
-  <label for="comformauthor">Your name</label>
+  <label for="comformauthor">Your name %(form_author_error)s</label>
   <input type="text" class="comformauthor" id="comformauthor"
-         name="comformauthor" />
+         name="comformauthor" value="%(form_author)s" />
 </div>
 <div class="comformlink">
   <label for="comformlink">Your link
-    <span class="comformoptional">(optional, will be published)</span></label>
+    <span class="comformoptional">(optional, will be published)</span>
+      %(form_link_error)s</label>
   <input type="text" class="comformlink" id="comformlink"
-         name="comformlink" />
+         name="comformlink" value="%(form_link)s" />
   <div class="comformhelp">
     like <span class="formurlexample">http://www.example.com/</span>
     or <span class="formurlexample">mailto:you@example.com</span>
   </div>
 </div>
+<div class="comformcaptcha">
+  <label for="comformcaptcha">Your humanity proof %(form_captcha_error)s</label>
+  <input type="text" class="comformcaptcha" id="comformcaptcha"
+         name="comformcaptcha" value="%(form_captcha)s" />
+  <div class="comformhelp">%(captcha_puzzle)s</div>
+</div>
 <div class="comformbody">
-  <label for="comformbody" class="comformbody">The comment</label>
+  <label for="comformbody" class="comformbody">The comment
+    %(form_body_error)s</label>
   <textarea class="comformbody" id="comformbody" name="comformbody" rows="15"
-            cols="80"></textarea>
+            cols="80">%(form_body)s</textarea>
   <div class="comformhelp">
     in
     <a href="http://docutils.sourceforge.net/docs/user/rst/quickref.html">\
@@ -193,6 +230,8 @@ RestructuredText</a> format, please
 </div>
 """
 
+default_comment_error = '<span class="comformerror">(%(error)s)</span>'
+
 
 # Default CSS
 default_css = """
@@ -328,6 +367,12 @@ button.comformsend {
        margin-top: 0.5em;
 }
 
+span.comformerror {
+       color: #900;
+       font-size: xx-small;
+       margin-left: 0.5em;
+}
+
 hr {
        float: left;
        height: 2px;
@@ -371,12 +416,40 @@ def rst_to_html(rst):
                                writer_name = "html")
        return parts['body'].encode('utf8')
 
-def valid_rst(rst):
+def validate_rst(rst):
        try:
                rst_to_html(rst)
-               return True
-       except:
-               return False
+               return None
+       except SystemMessage, e:
+               desc = e.args[0].encode('utf-8') # the error string
+               desc = desc[9:] # remove "<string>:"
+               line = int(desc[:desc.find(':')] or 0) # get the line number
+               desc = desc[desc.find(')')+2:-1] # remove (LEVEL/N)
+               try:
+                       desc, context = desc.split('\n', 1)
+               except ValueError:
+                       context = ''
+               if desc.endswith('.'):
+                       desc = desc[:-1]
+               return (line, desc, context)
+
+def valid_link(link):
+       import re
+       mail_re = r"^[^ \t\n\r@<>()]+@[a-z0-9][a-z0-9\.\-_]*\.[a-z]+$"
+       scheme_re = r'^[a-zA-Z]+:'
+       url_re = r'^(?:[a-z0-9\-]+|[a-z0-9][a-z0-9\-\.\_]*\.[a-z]+)' \
+                       r'(?::[0-9]+)?(?:/.*)?$'
+       scheme = ''
+       rest = link
+       if re.match(scheme_re, link, re.I):
+               scheme, rest = link.split(':', 1)
+       if (not scheme or scheme == 'mailto') and re.match(mail_re, rest, re.I):
+               return 'mailto:' + link
+       if not scheme and re.match(url_re, rest, re.I):
+               return 'http://' + rest
+       if scheme:
+               return link
+       return None
 
 def sanitize(obj):
        if isinstance(obj, basestring):
@@ -457,13 +530,53 @@ class Templates (object):
                return self.get_template(
                        'com_footer', default_comment_footer, comment.to_vars())
 
-       def get_comment_form(self, article, method, action):
+       def get_comment_form(self, article, form_data, captcha_puzzle):
                vars = article.to_vars()
-               vars['form_method'] = method
-               vars['form_action'] = action
+               vars.update(form_data.to_vars(self))
+               vars['captcha_puzzle'] = captcha_puzzle
                return self.get_template(
                        'com_form', default_comment_form, vars)
 
+       def get_comment_error(self, error):
+               return self.get_template(
+                       'com_error', default_comment_error, dict(error=error))
+
+
+class CommentFormData (object):
+       def __init__(self, author = '', link = '', captcha = '', body = ''):
+               self.author = author
+               self.link = link
+               self.captcha = captcha
+               self.body = body
+               self.author_error = ''
+               self.link_error = ''
+               self.captcha_error = ''
+               self.body_error = ''
+               self.action = ''
+               self.method = 'post'
+
+       def to_vars(self, template):
+               render_error = template.get_comment_error
+               a_error = self.author_error and render_error(self.author_error)
+               l_error = self.link_error and render_error(self.link_error)
+               c_error = self.captcha_error \
+                               and render_error(self.captcha_error)
+               b_error = self.body_error and render_error(self.body_error)
+               return {
+                       'form_author': sanitize(self.author),
+                       'form_link': sanitize(self.link),
+                       'form_captcha': sanitize(self.captcha),
+                       'form_body': sanitize(self.body),
+
+                       'form_author_error': a_error,
+                       'form_link_error': l_error,
+                       'form_captcha_error': c_error,
+                       'form_body_error': b_error,
+
+                       'form_action': self.action,
+                       'form_method': self.method,
+               }
+
 
 class Comment (object):
        def __init__(self, article, number, created = None):
@@ -833,10 +946,23 @@ class ArticleDB (object):
 # Main
 #
 
+def render_comments(article, template, form_data):
+       print '<a name="comments" />'
+       for c in article.comments:
+               if c is None:
+                       continue
+               print template.get_comment_header(c)
+               print c.to_html()
+               print template.get_comment_footer(c)
+       if not form_data:
+               form_data = CommentFormData()
+       form_data.action = blog_url + '/comment/' + article.uuid + '#comment'
+       captcha = Captcha(article)
+       print template.get_comment_form(article, form_data, captcha.puzzle)
 
 def render_html(articles, db, actyear = None, show_comments = False,
-               redirect =  None):
-       if redirect is not None:
+               redirect =  None, form_data = None):
+       if redirect:
                print 'Status: 303 See Other\r\n',
                print 'Location: %s\r\n' % redirect,
        print 'Content-type: text/html; charset=utf-8\r\n',
@@ -848,15 +974,7 @@ def render_html(articles, db, actyear = None, show_comments = False,
                print a.to_html()
                print template.get_article_footer(a)
                if show_comments:
-                       print '<a name="comments" />'
-                       for c in a.comments:
-                               if c is None:
-                                       continue
-                               print template.get_comment_header(c)
-                               print c.to_html()
-                               print template.get_comment_footer(c)
-                       print template.get_comment_form(a, 'post',
-                                       blog_url + '/comment/' + a.uuid)
+                       render_comments(a, template, form_data)
        print template.get_main_footer()
 
 def render_artlist(articles, db, actyear = None):
@@ -969,9 +1087,11 @@ def handle_cgi():
                        tags = set((t,))
                elif comment:
                        uuid = path_info.replace('/comment/', '')
+                       uuid = uuid.replace('#comment', '')
                        uuid = uuid.replace('/', '')
                        author = form.getfirst('comformauthor', '')
                        link = form.getfirst('comformlink', '')
+                       captcha = form.getfirst('comformcaptcha', '')
                        body = form.getfirst('comformbody', '')
 
        db = ArticleDB(os.path.join(data_path, 'db'))
@@ -988,20 +1108,50 @@ def handle_cgi():
                articles.sort(cmp = Article.title_cmp)
                render_artlist(articles, db)
        elif comment:
-               author = author.strip().replace('\n', ' ')
-               link = link.strip().replace('\n', ' ')
-               body = body.strip()
+               form_data = CommentFormData(author.strip().replace('\n', ' '),
+                               link.strip().replace('\n', ' '), captcha,
+                               body.replace('\r', ''))
                article = db.get_article(uuid)
-               redirect = blog_url + '/post/' + uuid + '#comment'
-               if author and body and valid_rst(body):
-                       c = article.add_comment(author, body, link)
+               captcha = Captcha(article)
+               redirect = False
+               valid = True
+               if not form_data.author:
+                       form_data.author_error = 'please, enter your name'
+                       valid = False
+               if form_data.link:
+                       link = valid_link(form_data.link)
+                       if link:
+                               form_data.link = link
+                       else:
+                               form_data.link_error = 'please, enter a ' \
+                                               'valid link'
+                               valid = False
+               if not captcha.validate(form_data):
+                       form_data.captcha_error = captcha.help
+                       valid = False
+               if not form_data.body:
+                       form_data.body_error = 'please, write a comment'
+                       valid = False
+               else:
+                       error = validate_rst(form_data.body)
+                       if error is not None:
+                               (line, desc, ctx) = error
+                               at = ''
+                               if line:
+                                       at = ' at line %d' % line
+                               form_data.body_error = 'error%s: %s' % (at, desc)
+                               valid = False
+               if valid:
+                       c = article.add_comment(form_data.author,
+                                       form_data.body, form_data.link)
                        c.save()
                        cdb = CommentDB(article)
                        cdb.comments = article.comments
                        cdb.save()
-                       redirect += '-' + str(c.number)
-               render_html( [article], db, year, enable_comments,
-                               redirect = redirect )
+                       redirect = blog_url + '/post/' + uuid + '#comment-' \
+                                       + str(c.number)
+               render_html( [article], db, year, enable_comments, redirect,
+                               form_data )
        else:
                articles = db.get_articles(year, month, day, tags)
                articles.sort(reverse = True)