Ken Bolton  committed 9ffe481

Fix CSRF issues.
PEP-8 fixes.

  • Parent commits 8bb855a

Files changed (5)

File reploc/templates/reploc/locator.html

 
 {% block title %}Representative Locator{% endblock %}
 
-{% block extra-head %}
+{% block extra_head %}
 <script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key={{ GOOGLE_MAPS_KEY }}" type="text/javascript"></script>
 <script type="text/javascript">
 {# this is a template because it uses some Django tags #}
 </script>
 {% endblock %}
 
-{% block content %}
+{% block main %}
 <h2>Representative Locator</h2>
 
 <p>Please enter an address in the box below and choose a radius to search within.</p>
+<form action="." method="post">
+    {% csrf_token %}
+    <label for="reference-address">Address: </label>
+    <input type="text" id="reference-address" />
 
-<label for="reference-address">Address: </label>
-<input type="text" id="reference-address" />
+    <label for="reference-radius">Radius: </label>
+    <!-- TODO: work with KM //-->
+    <select id="reference-radius">
+        <option value="5">5 miles</option>
+        <option value="10">10 miles</option>
+        <option value="25">25 miles</option>
+        <option value="50">50 miles</option>
+        <option value="100">100 miles</option>
+        <option value="250">250 miles</option>
+        <option value="500">500 miles</option>
+        <option value="1000">1000 miles</option>
+    </select>
 
-<label for="reference-radius">Radius: </label>
-<!-- TODO: work with KM //-->
-<select id="reference-radius">
-    <option value="5">5 miles</option>
-    <option value="10">10 miles</option>
-    <option value="25">25 miles</option>
-    <option value="50">50 miles</option>
-    <option value="100">100 miles</option>
-    <option value="250">250 miles</option>
-    <option value="500">500 miles</option>
-    <option value="1000">1000 miles</option>
-</select>
-
-<input type="button" value="Find Representatives" id="find-locations" />
-<input type="button" value="Reset Map" id="reset-locations" />
-
-<img src="/static/img/ajax.gif" height="25" width="25" alt="Loading..." id="ajax-progress" style="float:right; margin-top: -30px;"/>
-
+    <input type="button" value="Find Representatives" id="find-locations" />
+    <input type="button" value="Reset Map" id="reset-locations" />
+    <img src="/static/img/ajax.gif" height="25" width="25" alt="Loading..." id="ajax-progress" style="float:right; margin-top: -30px;"/>
+</form>
 <div id="location-matches"></div>
 <div style="clear:both"></div>
 
 <div id="representative-map" style="width: 690px; height: 500px; margin-top: 20px;"></div>
 <h3 id="directions-title"></h3>
 <div id="location-directions"></div>
-{% endblock %}
+{% endblock %}
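Review bot: The new `<form action="." method="post">` wraps a single text field, and browsers implicitly submit such a form when Enter is pressed in `reference-address`, so the page would POST to itself instead of running the AJAX search. The fields have no `name` attributes and both buttons are `type="button"`, so the form appears to exist only to carry `{% csrf_token %}`. If that is the intent, a template comment such as `{# form only renders the CSRF token; the search is sent via AJAX from locator.js #}` would make it explicit. The script should also cancel the form's submit event; whether it already does is not visible in this section.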

File reploc/templates/reploc/locator.js

     btnFind = $('#find-locations');
     btnReset = $('#reset-locations');
     locMatch = $('#location-matches');
+    csrf_token = $('[name=csrfmiddlewaretoken]');
 
     // for some reason, pulling this back with jQuery doesn't work with the API
     directionsPanel = document.getElementById("location-directions");
     $.ajax({
         url : '{% url reploc-find-locations %}',
         type : 'POST',
-        data : {'address': refAdd.val(),
+        data : {'csrfmiddlewaretoken': csrf_token.val(),
+                'address': refAdd.val(),
                 'radius' : refRad.val()},
         dataType : 'json',
         error : function (xhr, status, err) {
 
     ajax.fadeOut('slow');
 }
-//]]>
+//]]>
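Review bot: The CSRF token is attached only to the `data` of this one `$.ajax` call, so every other POST from this script has to be patched separately or, as the `@csrf_exempt` on `get_locations` in views.py suggests, exempted on the server. Django also accepts the token in the `X-CSRFToken` request header, so setting it once in a shared `beforeSend` hook would cover all same-origin POSTs and make the exemption unnecessary. If `[name=csrfmiddlewaretoken]` matches nothing, `csrf_token.val()` is undefined and the request is rejected with a 403, which the `error` callback should surface to the user. The enclosing functions start and end outside the lines shown.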

File reploc/urls.py

 urlpatterns = patterns('',
     url(r'^$', 'django.views.generic.simple.direct_to_template',
         {'template': 'reploc/locator.html'}, name='reploc-map'),
-    url(r'^locations/find/$', views.find_locations_in_radius, name='reploc-find-locations'),
+    url(r'^locations/find/$', views.find_locations_in_radius,
+        name='reploc-find-locations'),
     url(r'^locations/$', views.get_locations, name='reploc-locations'),
 )

File reploc/utils.py

 
 def get_coordinates(location=None, address=None):
     if not location and not address:
-        raise ValueError('You must specify either a Location object or a string address!')
+        raise ValueError('You must specify either a Location \
+                object or a string address!')
     elif location:
         addy = location.string_address
     elif address:
 
     # retrieve the coordinates from Google Maps
     results = g.geocode(addy, exactly_one=False)
-    place, coord = results.next()
+    place, coord = results[0]
 
     return coord
 
+
 def update_coordinates(sender, instance, created, *args, **kwargs):
     """
     Retrieves the latitude and longitude coordinates of an address for a dealer
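Review bot: The backslash continuation inside the string literal in `get_coordinates` pulls the next line's indentation into the message, so the `ValueError` text now has a run of spaces between "Location" and "object". Adjacent literals inside the call's parentheses keep the line short without changing the text: `raise ValueError('You must specify either a Location '` followed on the next line by `'object or a string address!')`. Separately, `results[0]` assumes the geocoder returned at least one match. An address it cannot resolve would presumably raise IndexError or TypeError here, and whether the caller handles that is not visible. The body of `get_coordinates` continues outside the hunks.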

File reploc/views.py

 from django.shortcuts import render_to_response
 from django.http import Http404
 from django.utils.simplejson import JSONEncoder
+from django.views.decorators.csrf import csrf_exempt
+
 from reploc.models import Location
 from reploc import utils
 
+
+@csrf_exempt
 def get_locations(request):
     """
     Retrieves all locations for all active representatives and returns the
                               {'json': json.encode(data)},
                               mimetype='text/javascript')
 
+
 def find_locations_in_radius(request):
     """
     Determines the coordinates of the input address and finds all active
 
     # snag some needed info from the request
     address = request.POST.get('address', '')
-    radius = float(request.POST.get('radius', 25));
+    radius = float(request.POST.get('radius', 25))
 
     try:
         # TODO: figure out how to make this better when more than one result
 
         # check the distance between the center and the location
         # source: http://www.meridianworlddata.com/Distance-Calculation.asp
-        dist = 3963.189 * acos(sin(lat1 / C) * sin(lat2 / C) + cos(lat1 / C) * cos(lat2 / C) * cos(lng2 / C - lng1 / C))
+        dist = 3963.189 * acos(sin(lat1 / C) * sin(lat2 / C) + cos(lat1 / C) \
+                * cos(lat2 / C) * cos(lng2 / C - lng1 / C))
 
         # if the location is within the radius of the input address, add it to
         # our collection
                               {'json': json.encode(data)},
                               mimetype='text/javascript')
 
+
 def jsonify_location(l):
     """
     Puts the appropriate information about a location into a JSON-serializable
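Review bot: `@csrf_exempt` on `get_locations` switches CSRF checking off for that view rather than fixing it, which is at odds with the commit title. Its docstring describes a read-only lookup, so if that holds, the safer shape is to keep the protection and either have the client send the token or restrict the view to safe methods, e.g. `@require_GET` from `django.views.decorators.http` in place of `@csrf_exempt`. In `find_locations_in_radius`, `float(request.POST.get('radius', 25))` sits before the `try` and takes the value straight from the request. A non-numeric value raises ValueError, while `nan` and `inf` parse successfully, so the radius should be checked against the options the form offers. Both function bodies continue outside the hunks.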