
Hudarsono Hu committed 914bd8a

Added csrf validation


Files changed (238)

File contents unchanged.
File contents unchanged.
File contents unchanged.

.pydevproject

File contents unchanged.
File contents unchanged.
File contents unchanged.
-application: app-name      # change this to your app-name
+application: your-appname      # change this to your app-name
 version: 1
 runtime: python
 api_version: 1

appengine_django/__init__.py

File contents unchanged.

appengine_django/auth/__init__.py

File contents unchanged.

appengine_django/auth/decorators.py

File contents unchanged.

appengine_django/auth/middleware.py

File contents unchanged.

appengine_django/auth/models.py

File contents unchanged.

appengine_django/auth/templatetags.py

File contents unchanged.

appengine_django/auth/tests.py

File contents unchanged.

appengine_django/conf/app_template/__init__.py

File contents unchanged.

appengine_django/conf/app_template/models.py

File contents unchanged.

appengine_django/conf/app_template/views.py

File contents unchanged.

appengine_django/db/__init__.py

File contents unchanged.

appengine_django/db/__init__.pyc

Binary file removed.

appengine_django/db/base.py

File contents unchanged.

appengine_django/db/base.pyc

Binary file removed.

appengine_django/db/creation.py

File contents unchanged.

appengine_django/db/creation.pyc

Binary file removed.

appengine_django/mail.py

File contents unchanged.

appengine_django/management/__init__.py

File contents unchanged.

appengine_django/management/__init__.pyc

Binary file removed.

appengine_django/management/commands/__init__.py

File contents unchanged.

appengine_django/management/commands/__init__.pyc

Binary file removed.

appengine_django/management/commands/console.py

File contents unchanged.

appengine_django/management/commands/flush.py

File contents unchanged.

appengine_django/management/commands/reset.py

File contents unchanged.

appengine_django/management/commands/rollback.py

File contents unchanged.

appengine_django/management/commands/runserver.py

File contents unchanged.

appengine_django/management/commands/startapp.py

File contents unchanged.

appengine_django/management/commands/startapp.pyc

Binary file removed.

appengine_django/management/commands/testserver.py

File contents unchanged.

appengine_django/management/commands/update.py

File contents unchanged.

appengine_django/management/commands/vacuum_indexes.py

File contents unchanged.

appengine_django/models.py

File contents unchanged.

appengine_django/replacement_imp.py

File contents unchanged.

appengine_django/serializer/__init__.py

File contents unchanged.

appengine_django/serializer/__init__.pyc

Binary file removed.

appengine_django/serializer/json.py

File contents unchanged.

appengine_django/serializer/json.pyc

Binary file removed.

appengine_django/serializer/python.py

File contents unchanged.

appengine_django/serializer/python.pyc

Binary file removed.

appengine_django/serializer/pyyaml.py

File contents unchanged.

appengine_django/serializer/pyyaml.pyc

Binary file removed.

appengine_django/serializer/xml.py

File contents unchanged.

appengine_django/sessions/__init__.py

File contents unchanged.

appengine_django/sessions/backends/__init__.py

File contents unchanged.

appengine_django/sessions/backends/__init__.pyc

Binary file removed.

appengine_django/sessions/backends/db.py

File contents unchanged.

appengine_django/sessions/models.py

File contents unchanged.

appengine_django/tests/__init__.py

File contents unchanged.

appengine_django/tests/commands_test.py

File contents unchanged.

appengine_django/tests/core_test.py

File contents unchanged.

appengine_django/tests/db_test.py

File contents unchanged.

appengine_django/tests/integration_test.py

File contents unchanged.

appengine_django/tests/memcache_test.py

File contents unchanged.

appengine_django/tests/model_test.py

File contents unchanged.

appengine_django/tests/serialization_test.py

File contents unchanged.

context/__init__.py

File contents unchanged.

context/__init__.pyc

Binary file removed.

context/context_processors.py

     if settings.BLOG_TITLE != '':
         blog_title = settings.BLOG_TITLE
 
-    if settings.DISQUSS == 'True':
-        discuss=True
+    if settings.DISQUS == 'True':
+        disqus=True
     else:
-        discuss=False
+        disqus=False
 
     if settings.ANALYTICS == 'True':
         ga=True
     else:
         ga=False
+    
+    if settings.FBLIKE == 'True':
+        fblike=True
+    else:
+        fblike=False
 
-    return {'context_pages':context_pages, 'blog_title':blog_title, 'discuss':discuss, 'ga':ga}
+    return {'context_pages':context_pages, 'blog_title':blog_title, 'disqus':disqus, 'ga':ga, 'fblike':fblike}
     
 def daily_quote(request):
     if memcache.get('today_quote'):
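Review bot: The new `settings.FBLIKE == 'True'` test, like the existing `DISQUS` and `ANALYTICS` ones, compares against the literal string `'True'`, so a maintainer who writes `FBLIKE = True` (a bool) or `'true'` in settings silently gets the feature disabled with no error. Either declare these settings as booleans and pass them straight through (`fblike = bool(settings.FBLIKE)`), or normalise once, e.g. `fblike = str(settings.FBLIKE).lower() == 'true'`, and do the same for the other two flags. The head of this function and the body of `daily_quote` are outside the hunk.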

context/context_processors.pyc

Binary file removed.
Binary file modified.
File contents unchanged.
File contents unchanged.
File contents unchanged.
File contents unchanged.

markdown/.DS_Store

Binary file added.

markdown/__init__.py

File contents unchanged.

markdown/__init__.pyc

Binary file removed.

markdown/blockparser.py

File contents unchanged.

markdown/blockparser.pyc

Binary file removed.

markdown/blockprocessors.py

File contents unchanged.

markdown/blockprocessors.pyc

Binary file removed.

markdown/commandline.py

File contents unchanged.

markdown/etree_loader.py

File contents unchanged.

markdown/etree_loader.pyc

Binary file removed.

markdown/extensions/__init__.py

File contents unchanged.

markdown/extensions/__init__.pyc

Binary file removed.

markdown/extensions/abbr.py

File contents unchanged.

markdown/extensions/codehilite.py

File contents unchanged.

markdown/extensions/codehilite.pyc

Binary file removed.

markdown/extensions/def_list.py

File contents unchanged.

markdown/extensions/extra.py

File contents unchanged.

markdown/extensions/fenced_code.py

File contents unchanged.

markdown/extensions/footnotes.py

File contents unchanged.

markdown/extensions/headerid.py

File contents unchanged.

markdown/extensions/html_tidy.py

File contents unchanged.

markdown/extensions/imagelinks.py

File contents unchanged.

markdown/extensions/meta.py

File contents unchanged.

markdown/extensions/rss.py

File contents unchanged.

markdown/extensions/tables.py

File contents unchanged.

markdown/extensions/toc.py

File contents unchanged.

markdown/extensions/wikilinks.py

File contents unchanged.

markdown/html4.py

File contents unchanged.

markdown/html4.pyc

Binary file removed.

markdown/inlinepatterns.py

File contents unchanged.

markdown/inlinepatterns.pyc

Binary file removed.

markdown/odict.py

File contents unchanged.

markdown/odict.pyc

Binary file removed.

markdown/postprocessors.py

File contents unchanged.

markdown/postprocessors.pyc

Binary file removed.

markdown/preprocessors.py

File contents unchanged.

markdown/preprocessors.pyc

Binary file removed.

markdown/treeprocessors.py

File contents unchanged.

markdown/treeprocessors.pyc

Binary file removed.

media/__init__.py

File contents unchanged.

media/fileform.py

File contents unchanged.

media/models.py

File contents unchanged.
 from django.http import HttpResponseRedirect, Http404, HttpResponse
 from django.shortcuts import render_to_response
 from django.conf import settings
+from django.views.decorators.csrf import csrf_exempt
 
 from google.appengine.ext import blobstore
 from google.appengine.api import memcache
     return HttpResponseRedirect('/media/')
 
 
+@csrf_exempt
 @login_required
 def upload(request):
     form = None
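Review bot: `@csrf_exempt` on `upload` switches off the check this commit introduces for the one handler that accepts file uploads, and the `{% csrf_token %}` the same commit adds to `templates/admin/upload.html` is therefore never verified. If the exemption is required because the browser posts to a blobstore upload URL and the blobstore service then re-posts the rewritten request to this view, record that next to the decorator, e.g. `# csrf_exempt: the blobstore service re-posts the upload here; the one-time URL from create_upload_url is the anti-forgery control — confirm csrfmiddlewaretoken does not survive the hop before relying on this`. The body of `upload` is outside the hunk, so I cannot tell whether a POST that did not come through the blobstore can also reach it; if it can, make sure such a request cannot create a media record, since nothing else now guards this endpoint against forgery.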

pages/__init__.py

File contents unchanged.

pages/__init__.pyc

Binary file removed.

pages/contactform.py

File contents unchanged.

pages/contactform.pyc

Binary file removed.
     navbar = db.BooleanProperty()
     publish = db.BooleanProperty()
     created = db.DateTimeProperty(auto_now_add=True)
+    last_update = db.DateTimeProperty(auto_now=True)
     author = db.UserProperty(auto_current_user_add=True)
 
     def get_absolute_url(self):

pages/models.pyc

Binary file removed.

pages/pageform.py

File contents unchanged.

pages/pageform.pyc

Binary file removed.
 from django.http import HttpResponseRedirect, Http404
 from django.template import RequestContext
 from django.conf import settings
+from django.core.context_processors import csrf
+
 
 # App module
 from pages import models
 
 @login_required
 def newPage(request):
+    c = {}
+    c.update(csrf(request))
     pageForm = None
     if request.method == 'POST':
         newPage = PageForm(request.POST)
     if pageForm is None:
         pageForm = PageForm()
 
-    return render_to_response('admin/newpage.html', {
-                                                     'pageForm':pageForm})
+    return render_to_response('admin/newpage.html', {'pageForm':pageForm},
+                                                    context_instance=RequestContext(request))
 
 
 @login_required
 def editPage(request, key):
+    c = {}
+    c.update(csrf(request))
     pageForm = None
     if request.method == 'POST':
         form = PageForm(request.POST)
                                          'template':page.template,
                                          'publish':page.publish})
     return render_to_response('admin/newpage.html', {'pageForm':pageForm,
-                                                     'action':page.get_edit_url()})
+                                                     'action':page.get_edit_url()},
+                                                     context_instance=RequestContext(request))
 
 @login_required
 def delPage(request, key):
 
 
 def contact(request):
+    c = {}
+    c.update(csrf(request))
     form = None
     msg = None
     if request.method == 'POST':
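Review bot: The `c = {}; c.update(csrf(request))` pairs added to `newPage`, `editPage` and `contact` are dead code: `c` is never passed to `render_to_response`, and the token actually reaches the template through `context_instance=RequestContext(request)`, which runs the `csrf` context processor itself. Drop those lines and the `from django.core.context_processors import csrf` import, or pass `c` instead of `RequestContext` — not both. For `contact` the render call is outside the hunk; if it was not switched to `RequestContext(request)`, the `{% csrf_token %}` this commit adds to `templates/pages/contact.html` renders empty and every visitor's contact POST will be rejected with 403 once `CsrfViewMiddleware` is active. `CsrfViewMiddleware` also only checks POST, so if `delPage` (visible at the hunk edge, body not shown) deletes on a GET link it stays forgeable; make it a POST form carrying `{% csrf_token %}`.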

pages/views.pyc

Binary file removed.

posts/__init__.py

File contents unchanged.
     category = db.CategoryProperty()
     tags = db.StringListProperty()
     pub_date = db.DateTimeProperty(auto_now_add=True)
+    last_update = db.DateTimeProperty(auto_now=True)
     author = db.UserProperty(auto_current_user_add=True)
 
     def get_absolute_url(self):

posts/postform.py

File contents unchanged.
File contents unchanged.
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.http import HttpResponseRedirect, Http404
-
 from django.conf import settings
+from django.core.context_processors import csrf
 
 from google.appengine.api import memcache
 
   if cat_list:
       for cat in sorted(cat_list):
         sorted_cat_list.append({'category': cat,
-                      'count':cat_list[cat],
-                      'url': '/posts/category/%s' % cat.replace(' ','-'),
-                      })
+                                  'count':cat_list[cat],
+                                  'url': '/posts/category/%s' % cat.replace(' ','-'),
+                                  })
 
 
   # get all tags
 
 @login_required
 def newPost(request):
+  c = {}
+  c.update(csrf(request))
   postForm = None
   if request.method == 'POST':
     newPost = postform.PostForm(request.POST)
 
   if postForm is None:
     postForm = postform.PostForm()
+
   return render_to_response('admin/newpost.html', {
-                          'postForm':postForm})
+                          'postForm':postForm},context_instance=RequestContext(request))
 
 
 
 @login_required
 def editPost(request, year, month, day, key):
+  c = {}
+  c.update(csrf(request))
   if request.method == 'POST':
     post = models.Post.get(key)
     if post:
 
     return render_to_response('admin/newpost.html', {
                              'postForm':editPostForm,
-                             'action':post.get_edit_url(),})
+                             'action':post.get_edit_url()},context_instance=RequestContext(request))
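Review bot: The `c = {}; c.update(csrf(request))` lines added to `newPost` and `editPost` are dead: `c` is never handed to `render_to_response`, and `context_instance=RequestContext(request)` already injects the token via the `csrf` context processor. Remove the two lines in each view (and the now-unused `csrf` import at the top of the hunk) so a later reader does not assume the token comes from `c`. `editPost` continues past the hunk, so I cannot confirm that its POST branch re-renders with `RequestContext` when the form is invalid; if it does not, the re-rendered form will have no token and the resubmit will be rejected.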
 
 
 

pygments/.DS_Store

Binary file added.

pygments/__init__.py

File contents unchanged.

pygments/__init__.pyc

Binary file removed.

pygments/cmdline.py

File contents unchanged.

pygments/console.py

File contents unchanged.

pygments/filter.py

File contents unchanged.

pygments/filters/__init__.py

File contents unchanged.

pygments/formatter.py

File contents unchanged.

pygments/formatters/__init__.py

File contents unchanged.

pygments/formatters/_mapping.py

File contents unchanged.

pygments/formatters/bbcode.py

File contents unchanged.

pygments/formatters/html.py

File contents unchanged.

pygments/formatters/img.py

File contents unchanged.

pygments/formatters/latex.py

File contents unchanged.

pygments/formatters/other.py

File contents unchanged.

pygments/formatters/rtf.py

File contents unchanged.

pygments/formatters/svg.py

File contents unchanged.

pygments/formatters/terminal.py

File contents unchanged.

pygments/formatters/terminal256.py

File contents unchanged.

pygments/lexer.py

File contents unchanged.

pygments/lexers/__init__.py

File contents unchanged.

pygments/lexers/_asybuiltins.py

File contents unchanged.

pygments/lexers/_clbuiltins.py

File contents unchanged.

pygments/lexers/_luabuiltins.py

File contents unchanged.

pygments/lexers/_mapping.py

File contents unchanged.

pygments/lexers/_phpbuiltins.py

File contents unchanged.

pygments/lexers/_vimbuiltins.py

File contents unchanged.

pygments/lexers/agile.py

File contents unchanged.

pygments/lexers/asm.py

File contents unchanged.

pygments/lexers/compiled.py

File contents unchanged.

pygments/lexers/dotnet.py

File contents unchanged.

pygments/lexers/functional.py

File contents unchanged.

pygments/lexers/hdl.py

File contents unchanged.

pygments/lexers/math.py

File contents unchanged.

pygments/lexers/other.py

File contents unchanged.

pygments/lexers/parsers.py

File contents unchanged.

pygments/lexers/special.py

File contents unchanged.

pygments/lexers/templates.py

File contents unchanged.

pygments/lexers/text.py

File contents unchanged.

pygments/lexers/web.py

File contents unchanged.

pygments/plugin.py

File contents unchanged.

pygments/scanner.py

File contents unchanged.

pygments/style.py

File contents unchanged.

pygments/styles/__init__.py

File contents unchanged.

pygments/styles/autumn.py

File contents unchanged.

pygments/styles/borland.py

File contents unchanged.

pygments/styles/bw.py

File contents unchanged.

pygments/styles/colorful.py

File contents unchanged.

pygments/styles/default.py

File contents unchanged.

pygments/styles/emacs.py

File contents unchanged.

pygments/styles/friendly.py

File contents unchanged.

pygments/styles/fruity.py

File contents unchanged.

pygments/styles/manni.py

File contents unchanged.

pygments/styles/monokai.py

File contents unchanged.

pygments/styles/murphy.py

File contents unchanged.

pygments/styles/native.py

File contents unchanged.

pygments/styles/pastie.py

File contents unchanged.

pygments/styles/perldoc.py

File contents unchanged.

pygments/styles/tango.py

File contents unchanged.

pygments/styles/trac.py

File contents unchanged.

pygments/styles/vim.py

File contents unchanged.

pygments/styles/vs.py

File contents unchanged.

pygments/token.py

File contents unchanged.

pygments/unistring.py

File contents unchanged.

pygments/util.py

File contents unchanged.

pygments/util.pyc

Binary file removed.

resources/.DS_Store

Binary file added.

resources/css/960.css

File contents unchanged.

resources/css/admin.css

File contents unchanged.

resources/css/codehilite.css

 table.codehilitetable{margin:0 0 0 20px;}
 .codehilitetable td{background-color:#D7F5E1; padding:5px;}
-.codehilite pre { margin-left: 1em; overflow: auto;  width:100%;padding:5px;}
+.codehilite pre { margin-left: 1em; overflow: auto;  width:90%;padding:5px;background-color:E3E6E4;}
 
 .hll { background-color: #ffffcc }
 .c { color: #408080; font-style: italic } /* Comment */
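Review bot: `background-color:E3E6E4` in the `.codehilite pre` rule is missing the leading `#`, so browsers treat the value as invalid and drop the declaration; write `background-color:#E3E6E4;`. The rest of the rule (`width:90%`, padding) is fine.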

resources/css/reset.css

File contents unchanged.

resources/css/text.css

File contents unchanged.

resources/css/theme.css

 body{
 	background-color:#2A378C;
+    background-image:url('/resources/img/small/bg.png');
 	text-shadow: 0px 1px 1px #fff;
 }
 
 header hgroup, hgroup a{
-    color:white;
+    color:black;
     text-shadow:none;
     text-decoration:none;
 }
 	-moz-border-radius:6px;
 	-webkit-border-radius:6px;
 	border-radius:6px;
-	color:white;
+	color:blue;
 	text-shadow: none;
 }
 
 	text-decoration:none;
 }
 
-#main-content .date{
-}
-
 #main-content p{
 	margin-top:15px;
 }
 	font-weight:bold;
 }
 
+#main-content .tags{
+    float:right;
+    margin: 0 20px;
+    font-weight:bold;
+}
+
 a.comment-link{
     float:right;
     margin:0 20px;
 }
 
+a.post-tag{
+    background-color:#E0EAF1;
+    border-bottom:1px solid #3E6D8E;
+    border-right:1px solid #7F9FB6;
+    color:#3E6D8E;
+    font-size:90%;
+    line-height:2.4;
+    margin:2px 2px 2px 0;
+    padding:3px 4px;
+    text-decoration:none;
+    white-space:nowrap;
+    cursor:pointer;
+    text-shadow:none;
+}
+
+a.post-tag:hover{
+    background-color:#3E6D8E;
+    border-bottom:1px solid #37607D;
+    border-right:1px solid #37607D;
+    color:#E0EAF1;
+    text-decoration:none;
+}
+
 
 #side-menu{
 	background: rgba(255,255,255,0.7);

resources/img/small/bg.png

Added
New image

resources/img/small/close_quote.gif

Old
Old image
New
New image

resources/img/small/doublequote.gif

Old
Old image
New
New image

resources/img/small/download.png

Old
Old image
New
New image

resources/img/small/edit.png

Old
Old image
New
New image

resources/img/small/open_quote.gif

Old
Old image
New
New image

resources/img/small/rssfeed.jpg

Old
Old image
New
New image

resources/img/small/trash.png

Old
Old image
New
New image
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'google.appengine.ext.appstats.recording.AppStatsDjangoMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
 #    'django.contrib.auth.middleware.AuthenticationMiddleware',
 #    'django.middleware.doc.XViewMiddleware',
 )
 )
 
 # APP SETTINGS
-APPNAME = 'your-app-name'                               
-BLOG_TITLE = 'your-blog-title'                      # This will show on header of the blog
-SITE_URL = 'http://your-app-name.appspot.com'       # Put AppEngine URL here
+APPNAME = 'your-appname'                               
+BLOG_TITLE = 'your-blog-name'                      # This will show on header of the blog
+SITE_URL = 'http://appname.appspot.com'       # Put AppEngine URL here
 AUTHOR = 'your-name'                                # Put Your Name
-AUTHOR_EMAIL = 'your-email'                         # Put Your Email
+AUTHOR_EMAIL = 'your-email'                         # Put Your Email, will be used to let user contact you from your blog
 PAGESIZE = 10                                       # This is how many posts will show on home page
 
 # Extension
-DISQUSS = 'False'      #Disquss is a comment system for blog.  http://disqus.com
+DISQUS = 'False'      #Disquss is a comment system for blog.  http://disqus.com
 ANALYTICS = 'False'    #Google analytics integration
 FBLIKE = 'False'       #Facebook Like Button. Set this to True will enable fblike automatically on every post. No additional action required.
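Review bot: Placing `CsrfViewMiddleware` after `SessionMiddleware` is correct, but enabling it site-wide rejects every POST form that was not given a `{% csrf_token %}` in this commit; only the newpage, newpost, upload and contact templates are touched here, so any other POST form (page/post/media delete actions, if they post) will start returning 403 — check them before deploying. The middleware does not cover GET, so destructive actions triggered by plain links remain unprotected regardless of this setting. Consider also replacing the string-typed `DISQUS`/`ANALYTICS`/`FBLIKE = 'False'` flags with real booleans, since the context processor compares them to the literal `'True'`.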
 

templates/.DS_Store

Binary file added.

templates/admin/base.html

File contents unchanged.

templates/admin/footer.html

File contents unchanged.

templates/admin/header.html

File contents unchanged.

templates/admin/medialist.html

File contents unchanged.

templates/admin/newpage.html

 {% extends 'admin/base.html' %}
 
 {% block content %}
-<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/page/new/{% endif %}">
+<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/page/new/{% endif %}">{% csrf_token %}
 {% if pageForm.key %}{{ pageForm.key }}{% endif %}
 <fieldset>
 <div class="left-form">

templates/admin/newpost.html

 {% extends 'admin/base.html' %}
 
 {% block content %}
-<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/post/new/{% endif %}">
+<form class="uniform" method="POST" action="{% if action %}{{ action }}{% else %}/post/new/{% endif %}">{% csrf_token %}
 {% if postForm.key %}{{ postForm.key }}{% endif %}
 <fieldset>
 <div class="left-form">

templates/admin/pagelist.html

File contents unchanged.

templates/admin/postlist.html

 				</tr>
 			{% endfor %}
 		{% else %}
-			<tr><td colspan="3" style="text-align:left;font-size:15">No Post</td></tr>
+			<tr><td colspan="5" style="text-align:left;font-size:15">No Post</td></tr>
 		{% endif %}
 		</tbody>
 	</table>

templates/admin/upload.html

 
 {% block content %}
 <div style="width:420px">
-	<form action="{{ upload_url }}" method="POST" enctype="multipart/form-data">
+	<form action="{{ upload_url }}" method="POST" enctype="multipart/form-data">{% csrf_token %}
 	{% if upload_error %}<span>{{ upload_error }}</span>{% endif %}
 
 	{{ form.as_p }}
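Review bot: The `{% csrf_token %}` added here is posted to `{{ upload_url }}`, the blobstore upload URL, and the view the blobstore re-posts to (`upload` in the media views) is marked `@csrf_exempt` in this same commit, so nothing ever verifies this token. Either drop the tag to avoid implying protection that is not there, or remove the exemption and confirm the token survives the blobstore hop. The tag also renders empty unless the view renders this template with `RequestContext(request)`; that render call is not in the diff.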

templates/feeds/latest_description.html

File contents unchanged.

templates/feeds/latest_title.html

File contents unchanged.

templates/front/base.html

File contents unchanged.

templates/front/footer.html

 </div>
 
 <!-- Disquss -->
-{% if discuss %}
-<!-- Put Disquss 'count.js' Script Here. -->
+{% if disqus %}
+<!-- Put disquss count.js script here -->
+
 {% endif %}
 
 <!-- Google Analytics -->
 {% if ga %}
-<!-- Put Google Analytics Script Here. -->
+<!-- Put google analytics script here -->
+
 {% endif %}

templates/front/header.html

File contents unchanged.

templates/front/post.html

 
 {% block main_content %}
 	<h3 class="title">{{ post.title}}</h3>
-	<span class="date">Writen at {{ post.pub_date.year }}-{{ post.pub_date.month }}-{{ post.pub_date.day }}</span>
+	<span class="date">last updated at {{ post.last_update.year }}-{{ post.last_update.month }}-{{ post.last_update.day }}</span>
+    <span class="tags">tags: &nbsp;
+        {% for t in post.tags %}
+            <a class="post-tag" href="/posts/tag/{{ t }}">{{ t }}</a>
+        {% endfor %}
+    </span>
 	<p>
 		{% autoescape off %}
 		{{ post.body_html|safe }}
 		{% endautoescape %}
 	</p>
-	<div class="clear"  style="height:50"></div>
+    <div class="clear"  style="height:50"></div>
     {% if fblike %}
     <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script><fb:like href="{{ post.get_absolute_url }}"></fb:like>
     {% endif %}
     
-	{% if discuss %}
-	<!-- Put Disquss Script Here. -->
+	{% if disqus %}
+	<!-- Put disquss thread script here -->
+    
 	{% endif %}
+    
 {% endblock %}
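Review bot: The new tag links build `href="/posts/tag/{{ t }}"` from the raw tag string, so a tag containing a space, `#`, `?` or `/` yields a URL that will not round-trip to the tag route; use `href="/posts/tag/{{ t|urlencode }}"` (the category links in `posts/views.py` special-case spaces with `replace(' ','-')`, so apply whichever convention the tag route expects). HTML auto-escaping still applies to these lines because they sit outside the `{% autoescape off %}` block, so this is a correctness gap rather than an injection one. `last updated at` now replaces the publish date entirely; consider showing both, since `pub_date` is still on the model.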
 
 

templates/front/stream.html

 {% if posts %}
 {% for p in posts %}
 	<h3 class="title"><a href="{{ p.get_absolute_url }}">{{ p.title}}</a></h3>
-	<span class="date">Writen at {{ p.pub_date.year }}-{{ p.pub_date.month }}-{{ p.pub_date.day }} by {{ p.author.nickname }}</span>
+	<span class="date">written at {{ p.last_update.year }}-{{ p.last_update.month }}-{{ p.last_update.day }} by {{ p.author.nickname }}</span>
+    <span class="tags">tags: &nbsp;
+        {% for t in p.tags %}
+            <a class="post-tag" href="/posts/tag/{{ t }}">{{ t }}</a>
+        {% endfor %}
+    </span>
 	<p>
 		{% autoescape off %}
 		{{ p.trunc_body }}
     <script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script><fb:like href="{{ p.get_absolute_url }}" layout="button_count"></fb:like>	
     {% endif %}
     
-    {% if discuss %}
+    {% if disqus %}
     <a class="comment-link" href="{{ p.get_absolute_url }}#disqus_thread">Comments</a>
 	{% endif %}
     
+    <hr style="color:white">
     <div class="clear"></div>
 {% endfor %}
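Review bot: The label still reads `written at` but the value switched from `p.pub_date` to `p.last_update`, so every edit re-dates the post in the stream; either keep `pub_date` here or change the label to `last updated at` as `post.html` does. The tag links have the same encoding gap as in `post.html`: use `href="/posts/tag/{{ t|urlencode }}"` so tags with spaces or reserved characters produce valid URLs.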
 

templates/pages/about.html

File contents unchanged.

templates/pages/base.html

File contents unchanged.

templates/pages/contact.html

 
 {% block main_content %}
 <div style="width:400px">
-	<form action="/contact/" method="POST">
+	<form action="/contact/" method="POST">{% csrf_token %}
 		<fieldset>
 			<div class="ctrlHolder">
 				<label for="id_name" style="display:block">Name {{ form.name.errors }}</label>

templates/pages/default.html

File contents unchanged.

templates/pages/work.html

File contents unchanged.
File contents unchanged.

utilities/__init__.py

File contents unchanged.

utilities/auth_helper.py

File contents unchanged.

utilities/blob_helper.py

File contents unchanged.

utilities/log_helper.py

File contents unchanged.