
Hudarsono Hu committed 914bd8a

Added csrf validation

  • Parent commits 2150935


Files changed (238)

.hgignore

File contents unchanged.

.hgtags

File contents unchanged.

.project

File contents unchanged.

.pydevproject

File contents unchanged.
File contents unchanged.

__init__.py

File contents unchanged.
-application: app-name      # change this to your app-name
+application: your-appname      # change this to your app-name
 version: 1
 runtime: python
 api_version: 1

appengine_django/__init__.py

File contents unchanged.

appengine_django/auth/__init__.py

File contents unchanged.

appengine_django/auth/decorators.py

File contents unchanged.

appengine_django/auth/middleware.py

File contents unchanged.

appengine_django/auth/models.py

File contents unchanged.

appengine_django/auth/templatetags.py

File contents unchanged.

appengine_django/auth/tests.py

File contents unchanged.

appengine_django/conf/app_template/__init__.py

File contents unchanged.

appengine_django/conf/app_template/models.py

File contents unchanged.

appengine_django/conf/app_template/views.py

File contents unchanged.

appengine_django/db/__init__.py

File contents unchanged.

appengine_django/db/__init__.pyc

Binary file removed.

appengine_django/db/base.py

File contents unchanged.

appengine_django/db/base.pyc

Binary file removed.

appengine_django/db/creation.py

File contents unchanged.

appengine_django/db/creation.pyc

Binary file removed.

appengine_django/mail.py

File contents unchanged.

appengine_django/management/__init__.py

File contents unchanged.

appengine_django/management/__init__.pyc

Binary file removed.

appengine_django/management/commands/__init__.py

File contents unchanged.

appengine_django/management/commands/__init__.pyc

Binary file removed.

appengine_django/management/commands/console.py

File contents unchanged.

appengine_django/management/commands/flush.py

File contents unchanged.

appengine_django/management/commands/reset.py

File contents unchanged.

appengine_django/management/commands/rollback.py

File contents unchanged.

appengine_django/management/commands/runserver.py

File contents unchanged.

appengine_django/management/commands/startapp.py

File contents unchanged.

appengine_django/management/commands/startapp.pyc

Binary file removed.

appengine_django/management/commands/testserver.py

File contents unchanged.

appengine_django/management/commands/update.py

File contents unchanged.

appengine_django/management/commands/vacuum_indexes.py

File contents unchanged.

appengine_django/models.py

File contents unchanged.

appengine_django/replacement_imp.py

File contents unchanged.

appengine_django/serializer/__init__.py

File contents unchanged.

appengine_django/serializer/__init__.pyc

Binary file removed.

appengine_django/serializer/json.py

File contents unchanged.

appengine_django/serializer/json.pyc

Binary file removed.

appengine_django/serializer/python.py

File contents unchanged.

appengine_django/serializer/python.pyc

Binary file removed.

appengine_django/serializer/pyyaml.py

File contents unchanged.

appengine_django/serializer/pyyaml.pyc

Binary file removed.

appengine_django/serializer/xml.py

File contents unchanged.

appengine_django/sessions/__init__.py

File contents unchanged.

appengine_django/sessions/backends/__init__.py

File contents unchanged.

appengine_django/sessions/backends/__init__.pyc

Binary file removed.

appengine_django/sessions/backends/db.py

File contents unchanged.

appengine_django/sessions/models.py

File contents unchanged.

appengine_django/tests/__init__.py

File contents unchanged.

appengine_django/tests/commands_test.py

File contents unchanged.

appengine_django/tests/core_test.py

File contents unchanged.

appengine_django/tests/db_test.py

File contents unchanged.

appengine_django/tests/integration_test.py

File contents unchanged.

appengine_django/tests/memcache_test.py

File contents unchanged.

appengine_django/tests/model_test.py

File contents unchanged.

appengine_django/tests/serialization_test.py

File contents unchanged.

context/__init__.py

File contents unchanged.

context/__init__.pyc

Binary file removed.

context/context_processors.py

     if settings.BLOG_TITLE != '':
         blog_title = settings.BLOG_TITLE
 
-    if settings.DISQUSS == 'True':
-        discuss=True
+    if settings.DISQUS == 'True':
+        disqus=True
     else:
-        discuss=False
+        disqus=False
 
     if settings.ANALYTICS == 'True':
         ga=True
     else:
         ga=False
+    
+    if settings.FBLIKE == 'True':
+        fblike=True
+    else:
+        fblike=False
 
-    return {'context_pages':context_pages, 'blog_title':blog_title, 'discuss':discuss, 'ga':ga}
+    return {'context_pages':context_pages, 'blog_title':blog_title, 'disqus':disqus, 'ga':ga, 'fblike':fblike}
     
 def daily_quote(request):
     if memcache.get('today_quote'):
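Review bot: The three `if settings.X == 'True': flag=True else: flag=False` blocks that set `disqus`, `ga` and `fblike` can each collapse to one assignment: `disqus = settings.DISQUS == 'True'`, `ga = settings.ANALYTICS == 'True'`, `fblike = settings.FBLIKE == 'True'`. The comparison is against the literal string `'True'`, which matches the string values in settings.py (`DISQUS = 'False'`, `FBLIKE = 'False'`), so a boolean `True` or `'true'` in a user's settings silently disables the feature; a comment in settings.py saying the value must be the exact string `'True'` would make that explicit. The enclosing function starts before this hunk.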

context/context_processors.pyc

Binary file removed.

django.zip

Binary file modified.

index.yaml

File contents unchanged.

licence.txt

File contents unchanged.

main.py

File contents unchanged.

manage.py

File contents unchanged.

markdown/.DS_Store

Binary file added.

markdown/__init__.py

File contents unchanged.

markdown/__init__.pyc

Binary file removed.

markdown/blockparser.py

File contents unchanged.

markdown/blockparser.pyc

Binary file removed.

markdown/blockprocessors.py

File contents unchanged.

markdown/blockprocessors.pyc

Binary file removed.

markdown/commandline.py

File contents unchanged.

markdown/etree_loader.py

File contents unchanged.

markdown/etree_loader.pyc

Binary file removed.

markdown/extensions/__init__.py

File contents unchanged.

markdown/extensions/__init__.pyc

Binary file removed.

markdown/extensions/abbr.py

File contents unchanged.

markdown/extensions/codehilite.py

File contents unchanged.

markdown/extensions/codehilite.pyc

Binary file removed.

markdown/extensions/def_list.py

File contents unchanged.

markdown/extensions/extra.py

File contents unchanged.

markdown/extensions/fenced_code.py

File contents unchanged.

markdown/extensions/footnotes.py

File contents unchanged.

markdown/extensions/headerid.py

File contents unchanged.

markdown/extensions/html_tidy.py

File contents unchanged.

markdown/extensions/imagelinks.py

File contents unchanged.

markdown/extensions/meta.py

File contents unchanged.

markdown/extensions/rss.py

File contents unchanged.

markdown/extensions/tables.py

File contents unchanged.

markdown/extensions/toc.py

File contents unchanged.

markdown/extensions/wikilinks.py

File contents unchanged.

markdown/html4.py

File contents unchanged.

markdown/html4.pyc

Binary file removed.

markdown/inlinepatterns.py

File contents unchanged.

markdown/inlinepatterns.pyc

Binary file removed.

markdown/odict.py

File contents unchanged.

markdown/odict.pyc

Binary file removed.

markdown/postprocessors.py

File contents unchanged.

markdown/postprocessors.pyc

Binary file removed.

markdown/preprocessors.py

File contents unchanged.

markdown/preprocessors.pyc

Binary file removed.

markdown/treeprocessors.py

File contents unchanged.

markdown/treeprocessors.pyc

Binary file removed.

media/__init__.py

File contents unchanged.

media/fileform.py

File contents unchanged.

media/models.py

File contents unchanged.
 from django.http import HttpResponseRedirect, Http404, HttpResponse
 from django.shortcuts import render_to_response
 from django.conf import settings
+from django.views.decorators.csrf import csrf_exempt
 
 from google.appengine.ext import blobstore
 from google.appengine.api import memcache
     return HttpResponseRedirect('/media/')
 
 
+@csrf_exempt
 @login_required
 def upload(request):
     form = None
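Review bot: `@csrf_exempt` on `upload` turns the CsrfViewMiddleware this commit enables back off for the one view that accepts file uploads, so the `{% csrf_token %}` added to templates/admin/upload.html is emitted but never verified. If the exemption is there because the form posts to the Blobstore `upload_url` and the Blobstore service then forwards the request to this handler (which I infer from the `blobstore` import, not from the hunk), say so in a comment above the decorator, e.g. `# csrf_exempt: this POST is forwarded by the Blobstore upload service, so the middleware cannot validate the browser's token here`, and consider checking the forwarded token in the view body instead of dropping the check entirely. The decorator order (`csrf_exempt` outermost) is correct. The body of `upload` continues outside the hunk.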

pages/__init__.py

File contents unchanged.

pages/__init__.pyc

Binary file removed.

pages/contactform.py

File contents unchanged.

pages/contactform.pyc

Binary file removed.
     navbar = db.BooleanProperty()
     publish = db.BooleanProperty()
     created = db.DateTimeProperty(auto_now_add=True)
+    last_update = db.DateTimeProperty(auto_now=True)
     author = db.UserProperty(auto_current_user_add=True)
 
     def get_absolute_url(self):

pages/models.pyc

Binary file removed.

pages/pageform.py

File contents unchanged.

pages/pageform.pyc

Binary file removed.
 from django.http import HttpResponseRedirect, Http404
 from django.template import RequestContext
 from django.conf import settings
+from django.core.context_processors import csrf
+
 
 # App module
 from pages import models
 
 @login_required
 def newPage(request):
+    c = {}
+    c.update(csrf(request))
     pageForm = None
     if request.method == 'POST':
         newPage = PageForm(request.POST)
     if pageForm is None:
         pageForm = PageForm()
 
-    return render_to_response('admin/newpage.html', {
-                                                     'pageForm':pageForm})
+    return render_to_response('admin/newpage.html', {'pageForm':pageForm},
+                                                    context_instance=RequestContext(request))
 
 
 @login_required
 def editPage(request, key):
+    c = {}
+    c.update(csrf(request))
     pageForm = None
     if request.method == 'POST':
         form = PageForm(request.POST)
                                          'template':page.template,
                                          'publish':page.publish})
     return render_to_response('admin/newpage.html', {'pageForm':pageForm,
-                                                     'action':page.get_edit_url()})
+                                                     'action':page.get_edit_url()},
+                                                     context_instance=RequestContext(request))
 
 @login_required
 def delPage(request, key):
 
 
 def contact(request):
+    c = {}
+    c.update(csrf(request))
     form = None
     msg = None
     if request.method == 'POST':
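Review bot: The `c = {}` / `c.update(csrf(request))` pairs added to `newPage`, `editPage` and `contact` are dead code: `c` is never passed to `render_to_response`, and the `context_instance=RequestContext(request)` the commit also adds is what runs the csrf context processor that `{% csrf_token %}` reads. Either remove the two lines from each view or pass `c` as the context dict. For `contact` the `return` lies outside the hunk, so I cannot confirm it was switched to `RequestContext`; if it still renders with a plain dict, `{% csrf_token %}` in templates/pages/contact.html renders empty and every contact POST is rejected by the new middleware. The same dead pairs appear in `newPost` and `editPost` in posts/views.py.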

pages/views.pyc

Binary file removed.

posts/__init__.py

File contents unchanged.
     category = db.CategoryProperty()
     tags = db.StringListProperty()
     pub_date = db.DateTimeProperty(auto_now_add=True)
+    last_update = db.DateTimeProperty(auto_now=True)
     author = db.UserProperty(auto_current_user_add=True)
 
     def get_absolute_url(self):

posts/postform.py

File contents unchanged.

posts/rss.py

File contents unchanged.
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.http import HttpResponseRedirect, Http404
-
 from django.conf import settings
+from django.core.context_processors import csrf
 
 from google.appengine.api import memcache
 
   if cat_list:
       for cat in sorted(cat_list):
         sorted_cat_list.append({'category': cat,
-                      'count':cat_list[cat],
-                      'url': '/posts/category/%s' % cat.replace(' ','-'),
-                      })
+                                  'count':cat_list[cat],
+                                  'url': '/posts/category/%s' % cat.replace(' ','-'),
+                                  })
 
 
   # get all tags
 
 @login_required
 def newPost(request):
+  c = {}
+  c.update(csrf(request))
   postForm = None
   if request.method == 'POST':
     newPost = postform.PostForm(request.POST)
 
   if postForm is None:
     postForm = postform.PostForm()
+
   return render_to_response('admin/newpost.html', {
-                          'postForm':postForm})
+                          'postForm':postForm},context_instance=RequestContext(request))
 
 
 
 @login_required
 def editPost(request, year, month, day, key):
+  c = {}
+  c.update(csrf(request))
   if request.method == 'POST':
     post = models.Post.get(key)
     if post:
 
     return render_to_response('admin/newpost.html', {
                              'postForm':editPostForm,
-                             'action':post.get_edit_url(),})
+                             'action':post.get_edit_url()},context_instance=RequestContext(request))
 
 
 

pygments/.DS_Store

Binary file added.

pygments/__init__.py

File contents unchanged.

pygments/__init__.pyc

Binary file removed.

pygments/cmdline.py

File contents unchanged.

pygments/console.py

File contents unchanged.

pygments/filter.py

File contents unchanged.

pygments/filters/__init__.py

File contents unchanged.

pygments/formatter.py

File contents unchanged.

pygments/formatters/__init__.py

File contents unchanged.

pygments/formatters/_mapping.py

File contents unchanged.

pygments/formatters/bbcode.py

File contents unchanged.

pygments/formatters/html.py

File contents unchanged.

pygments/formatters/img.py

File contents unchanged.

pygments/formatters/latex.py

File contents unchanged.

pygments/formatters/other.py

File contents unchanged.

pygments/formatters/rtf.py

File contents unchanged.

pygments/formatters/svg.py

File contents unchanged.

pygments/formatters/terminal.py

File contents unchanged.

pygments/formatters/terminal256.py

File contents unchanged.

pygments/lexer.py

File contents unchanged.

pygments/lexers/__init__.py

File contents unchanged.

pygments/lexers/_asybuiltins.py

File contents unchanged.

pygments/lexers/_clbuiltins.py

File contents unchanged.

pygments/lexers/_luabuiltins.py

File contents unchanged.

pygments/lexers/_mapping.py

File contents unchanged.

pygments/lexers/_phpbuiltins.py

File contents unchanged.

pygments/lexers/_vimbuiltins.py

File contents unchanged.

pygments/lexers/agile.py

File contents unchanged.

pygments/lexers/asm.py

File contents unchanged.

pygments/lexers/compiled.py

File contents unchanged.

pygments/lexers/dotnet.py

File contents unchanged.

pygments/lexers/functional.py

File contents unchanged.

pygments/lexers/hdl.py

File contents unchanged.

pygments/lexers/math.py

File contents unchanged.

pygments/lexers/other.py

File contents unchanged.

pygments/lexers/parsers.py

File contents unchanged.

pygments/lexers/special.py

File contents unchanged.

pygments/lexers/templates.py

File contents unchanged.

pygments/lexers/text.py

File contents unchanged.

pygments/lexers/web.py

File contents unchanged.

pygments/plugin.py

File contents unchanged.

pygments/scanner.py

File contents unchanged.

pygments/style.py

File contents unchanged.

pygments/styles/__init__.py

File contents unchanged.

pygments/styles/autumn.py

File contents unchanged.

pygments/styles/borland.py

File contents unchanged.

pygments/styles/bw.py

File contents unchanged.

pygments/styles/colorful.py

File contents unchanged.

pygments/styles/default.py

File contents unchanged.

pygments/styles/emacs.py

File contents unchanged.

pygments/styles/friendly.py

File contents unchanged.

pygments/styles/fruity.py

File contents unchanged.

pygments/styles/manni.py

File contents unchanged.

pygments/styles/monokai.py

File contents unchanged.

pygments/styles/murphy.py

File contents unchanged.

pygments/styles/native.py

File contents unchanged.

pygments/styles/pastie.py

File contents unchanged.

pygments/styles/perldoc.py

File contents unchanged.

pygments/styles/tango.py

File contents unchanged.

pygments/styles/trac.py

File contents unchanged.

pygments/styles/vim.py

File contents unchanged.

pygments/styles/vs.py

File contents unchanged.

pygments/token.py

File contents unchanged.

pygments/unistring.py

File contents unchanged.

pygments/util.py

File contents unchanged.

pygments/util.pyc

Binary file removed.

resources/.DS_Store

Binary file added.

resources/css/960.css

File contents unchanged.

resources/css/admin.css

File contents unchanged.

resources/css/codehilite.css

 table.codehilitetable{margin:0 0 0 20px;}
 .codehilitetable td{background-color:#D7F5E1; padding:5px;}
-.codehilite pre { margin-left: 1em; overflow: auto;  width:100%;padding:5px;}
+.codehilite pre { margin-left: 1em; overflow: auto;  width:90%;padding:5px;background-color:E3E6E4;}
 
 .hll { background-color: #ffffcc }
 .c { color: #408080; font-style: italic } /* Comment */
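Review bot: `background-color:E3E6E4;` on the changed `.codehilite pre` rule is missing the leading `#`, so it is not a valid colour value and browsers discard the declaration; it should read `background-color:#E3E6E4;`.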

resources/css/reset.css

File contents unchanged.

resources/css/text.css

File contents unchanged.

resources/css/theme.css

 body{
 	background-color:#2A378C;
+    background-image:url('/resources/img/small/bg.png');
 	text-shadow: 0px 1px 1px #fff;
 }
 
 header hgroup, hgroup a{
-    color:white;
+    color:black;
     text-shadow:none;
     text-decoration:none;
 }
 	-moz-border-radius:6px;
 	-webkit-border-radius:6px;
 	border-radius:6px;
-	color:white;
+	color:blue;
 	text-shadow: none;
 }
 
 	text-decoration:none;
 }
 
-#main-content .date{
-}
-
 #main-content p{
 	margin-top:15px;
 }
 	font-weight:bold;
 }
 
+#main-content .tags{
+    float:right;
+    margin: 0 20px;
+    font-weight:bold;
+}
+
 a.comment-link{
     float:right;
     margin:0 20px;
 }
 
+a.post-tag{
+    background-color:#E0EAF1;
+    border-bottom:1px solid #3E6D8E;
+    border-right:1px solid #7F9FB6;
+    color:#3E6D8E;
+    font-size:90%;
+    line-height:2.4;
+    margin:2px 2px 2px 0;
+    padding:3px 4px;
+    text-decoration:none;
+    white-space:nowrap;
+    cursor:pointer;
+    text-shadow:none;
+}
+
+a.post-tag:hover{
+    background-color:#3E6D8E;
+    border-bottom:1px solid #37607D;
+    border-right:1px solid #37607D;
+    color:#E0EAF1;
+    text-decoration:none;
+}
+
 
 #side-menu{
 	background: rgba(255,255,255,0.7);

resources/img/small/bg.png

Added
New image

resources/img/small/close_quote.gif

Old
Old image
New
New image

resources/img/small/doublequote.gif

Old
Old image
New
New image

resources/img/small/download.png

Old
Old image
New
New image

resources/img/small/edit.png

Old
Old image
New
New image

resources/img/small/open_quote.gif

Old
Old image
New
New image

resources/img/small/rssfeed.jpg

Old
Old image
New
New image

resources/img/small/trash.png

Old
Old image
New
New image
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'google.appengine.ext.appstats.recording.AppStatsDjangoMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
 #    'django.contrib.auth.middleware.AuthenticationMiddleware',
 #    'django.middleware.doc.XViewMiddleware',
 )
 )
 
 # APP SETTINGS
-APPNAME = 'your-app-name'                               
-BLOG_TITLE = 'your-blog-title'                      # This will show on header of the blog
-SITE_URL = 'http://your-app-name.appspot.com'       # Put AppEngine URL here
+APPNAME = 'your-appname'                               
+BLOG_TITLE = 'your-blog-name'                      # This will show on header of the blog
+SITE_URL = 'http://appname.appspot.com'       # Put AppEngine URL here
 AUTHOR = 'your-name'                                # Put Your Name
-AUTHOR_EMAIL = 'your-email'                         # Put Your Email
+AUTHOR_EMAIL = 'your-email'                         # Put Your Email, will be used to let user contact you from your blog
 PAGESIZE = 10                                       # This is how many posts will show on home page
 
 # Extension
-DISQUSS = 'False'      #Disquss is a comment system for blog.  http://disqus.com
+DISQUS = 'False'      #Disquss is a comment system for blog.  http://disqus.com
 ANALYTICS = 'False'    #Google analytics integration
 FBLIKE = 'False'       #Facebook Like Button. Set this to True will enable fblike automatically on every post. No additional action required.
 

templates/.DS_Store

Binary file added.

templates/admin/base.html

File contents unchanged.

templates/admin/footer.html

File contents unchanged.

templates/admin/header.html

File contents unchanged.

templates/admin/medialist.html

File contents unchanged.

templates/admin/newpage.html

 {% extends 'admin/base.html' %}
 
 {% block content %}
-<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/page/new/{% endif %}">
+<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/page/new/{% endif %}">{% csrf_token %}
 {% if pageForm.key %}{{ pageForm.key }}{% endif %}
 <fieldset>
 <div class="left-form">

templates/admin/newpost.html

 {% extends 'admin/base.html' %}
 
 {% block content %}
-<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/post/new/{% endif %}">
+<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/post/new/{% endif %}">{% csrf_token %}
 {% if postForm.key %}{{ postForm.key }}{% endif %}
 <fieldset>
 <div class="left-form">

templates/admin/pagelist.html

File contents unchanged.

templates/admin/postlist.html

 				</tr>
 			{% endfor %}
 		{% else %}
-			<tr><td colspan="3" style="text-align:left;font-size:15">No Post</td></tr>
+			<tr><td colspan="5" style="text-align:left;font-size:15">No Post</td></tr>
 		{% endif %}
 		</tbody>
 	</table>

templates/admin/upload.html

 
 {% block content %}
 <div style="width:420px">
-	<form action="{{ upload_url }}" method="POST" enctype="multipart/form-data">
+	<form action="{{ upload_url }}" method="POST" enctype="multipart/form-data">{% csrf_token %}
 	{% if upload_error %}<span>{{ upload_error }}</span>{% endif %}
 
 	{{ form.as_p }}

templates/feeds/latest_description.html

File contents unchanged.

templates/feeds/latest_title.html

File contents unchanged.

templates/front/base.html

File contents unchanged.

templates/front/footer.html

 </div>
 
 <!-- Disquss -->
-{% if discuss %}
-<!-- Put Disquss 'count.js' Script Here. -->
+{% if disqus %}
+<!-- Put disquss count.js script here -->
+
 {% endif %}
 
 <!-- Google Analytics -->
 {% if ga %}
-<!-- Put Google Analytics Script Here. -->
+<!-- Put google analytics script here -->
+
 {% endif %}

templates/front/header.html

File contents unchanged.

templates/front/post.html

 
 {% block main_content %}
 	<h3 class="title">{{ post.title}}</h3>
-	<span class="date">Writen at {{ post.pub_date.year }}-{{ post.pub_date.month }}-{{ post.pub_date.day }}</span>
+	<span class="date">last updated at {{ post.last_update.year }}-{{ post.last_update.month }}-{{ post.last_update.day }}</span>
+    <span class="tags">tags: &nbsp;
+        {% for t in post.tags %}
+            <a class="post-tag" href="/posts/tag/{{ t }}">{{ t }}</a>
+        {% endfor %}
+    </span>
 	<p>
 		{% autoescape off %}
 		{{ post.body_html|safe }}
 		{% endautoescape %}
 	</p>
-	<div class="clear"  style="height:50"></div>
+    <div class="clear"  style="height:50"></div>
     {% if fblike %}
     <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script><fb:like href="{{ post.get_absolute_url }}"></fb:like>
     {% endif %}
     
-	{% if discuss %}
-	<!-- Put Disquss Script Here. -->
+	{% if disqus %}
+	<!-- Put disquss thread script here -->
+    
 	{% endif %}
+    
 {% endblock %}
 
 
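Review bot: The new tag links interpolate the raw tag into the URL path, `href="/posts/tag/{{ t }}"`, so a tag containing a space, `/` or `?` yields a broken or differently routed link; use `href="/posts/tag/{{ t|urlencode }}"`. The same pattern is added in templates/front/stream.html. Note that the category links built in posts/views.py use `cat.replace(' ','-')`, so the tag and category URL forms are inconsistent; whichever form the tag route in urls.py expects (not visible here) should be applied in both templates.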

templates/front/stream.html

 {% if posts %}
 {% for p in posts %}
 	<h3 class="title"><a href="{{ p.get_absolute_url }}">{{ p.title}}</a></h3>
-	<span class="date">Writen at {{ p.pub_date.year }}-{{ p.pub_date.month }}-{{ p.pub_date.day }} by {{ p.author.nickname }}</span>
+	<span class="date">written at {{ p.last_update.year }}-{{ p.last_update.month }}-{{ p.last_update.day }} by {{ p.author.nickname }}</span>
+    <span class="tags">tags: &nbsp;
+        {% for t in p.tags %}
+            <a class="post-tag" href="/posts/tag/{{ t }}">{{ t }}</a>
+        {% endfor %}
+    </span>
 	<p>
 		{% autoescape off %}
 		{{ p.trunc_body }}
     <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script><fb:like href="{{ p.get_absolute_url }}" layout="button_count"></fb:like>	
     {% endif %}
     
-    {% if discuss %}
+    {% if disqus %}
     <a class="comment-link" href="{{ p.get_absolute_url }}#disqus_thread">Comments</a>
 	{% endif %}
     
+    <hr style="color:white">
     <div class="clear"></div>
 {% endfor %}
 
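Review bot: The stream date line now renders `p.last_update` but its label still says "written at", while templates/front/post.html labels the same field "last updated at". Since `last_update` is declared with `auto_now=True` in posts/models.py and so changes on every save, "written at" misstates what is shown; either keep `p.pub_date` for "written at" or change the label to `last updated at` to match post.html.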

templates/pages/about.html

File contents unchanged.

templates/pages/base.html

File contents unchanged.

templates/pages/contact.html

 
 {% block main_content %}
 <div style="width:400px">
-	<form action="/contact/" method="POST">
+	<form action="/contact/" method="POST">{% csrf_token %}
 		<fieldset>
 			<div class="ctrlHolder">
 				<label for="id_name" style="display:block">Name {{ form.name.errors }}</label>

templates/pages/default.html

File contents unchanged.

templates/pages/work.html

File contents unchanged.

urls.py

File contents unchanged.

utilities/__init__.py

File contents unchanged.

utilities/auth_helper.py

File contents unchanged.

utilities/blob_helper.py

File contents unchanged.

utilities/log_helper.py

File contents unchanged.