From 1c403ae8b3981ce8451bee7ff0e19cabe44ad1a7 Mon Sep 17 00:00:00 2001
From: Yax <1949284+kianby@users.noreply.github.com>
Date: Sat, 31 Jul 2021 05:28:32 +0200
Subject: [PATCH] improve form

---
 stacosys/interface/form.py | 71 ++++++++++++++++----------------------
 1 file changed, 29 insertions(+), 42 deletions(-)

diff --git a/stacosys/interface/form.py b/stacosys/interface/form.py
index 8c288c0..eb5b826 100644
--- a/stacosys/interface/form.py
+++ b/stacosys/interface/form.py
@@ -13,54 +13,41 @@ logger = logging.getLogger(__name__)
 @app.route("/newcomment", methods=["POST"])
 def new_form_comment():
-    try:
-        data = request.form
-        logger.info("form data " + str(data))
-
-        # validate token: retrieve site entity
-        token = data.get("token", "")
-        if token != app.config.get("SITE_TOKEN"):
-            abort(401)
-
-        # honeypot for spammers
-        captcha = data.get("remarque", "")
-        if captcha:
-            logger.warning("discard spam: data %s" % data)
-            abort(400)
-
-        url = data.get("url", "")
-        author_name = data.get("author", "").strip()
-        author_gravatar = data.get("email", "").strip()
-        author_site = data.get("site", "").lower().strip()
-        if author_site and author_site[:4] != "http":
-            author_site = "http://" + author_site
-        message = data.get("message", "")
-
-        # anti-spam again
-        if not url or not author_name or not message:
-            logger.warning("empty field: data %s" % data)
-            abort(400)
-        if not check_form_data(data.to_dict()):
-            logger.warning("additional field: data %s" % data)
-            abort(400)
-
-        # add a row to Comment table
-        dao.create_comment(url, author_name, author_site, author_gravatar, message)
-
-    except Exception:
-        logger.exception("new comment failure")
+
+    data = request.form
+    logger.info("form data " + str(data))
+
+    # honeypot for spammers
+    captcha = data.get("remarque", "")
+    if captcha:
+        logger.warning("discard spam: data %s" % data)
         abort(400)
+    url = data.get("url", "")
+    author_name = data.get("author", "").strip()
+    author_gravatar = data.get("email", "").strip()
+    author_site = data.get("site", "").lower().strip()
+    if author_site and author_site[:4] != "http":
+        author_site = "http://" + author_site
+    message = data.get("message", "")
+
+    # anti-spam again
+    if not url or not author_name or not message:
+        logger.warning("empty field: data %s" % data)
+        abort(400)
+    if not check_form_data(data.to_dict()):
+        logger.warning("additional field: data %s" % data)
+        abort(400)
+
+    # add a row to Comment table
+    dao.create_comment(url, author_name, author_site, author_gravatar, message)
+    return redirect("/redirect/", code=302)
 def check_form_data(d):
     fields = ["url", "message", "site", "remarque", "author", "token", "email"]
-    for field in fields:
-        if field in d:
-            del d[field]
-
-# filtered = dict(filter(lambda x: x[0] not in fields, data.to_dict().items()))
     return not d
+    filtered = dict(filter(lambda x: x[0] not in fields, d.items()))
+    return not filtered
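Review bot: The new body of new_form_comment no longer compares the submitted token with `app.config.get("SITE_TOKEN")` (the removed `abort(401)` branch), while "token" is still listed in check_form_data's `fields`, so the form still carries a token but nothing in this file verifies it; unless that check moved to a before_request hook or into the dao layer (not visible here), any client that knows the endpoint can create a comment for any url with only the honeypot in the way. If the removal is deliberate, a comment such as `# token is verified upstream (see <module>)` above the honeypot block would spare the next reader the same question; otherwise keep the comparison as `if data.get("token", "") != app.config.get("SITE_TOKEN"): abort(401)` before the honeypot check. Separately, `author_site[:4] != "http"` only inspects a four-character prefix, so `if author_site and not author_site.startswith(("http://", "https://")):` states the intended scheme check precisely. The re-added `logger.info("form data " + str(data))` writes every visitor's email address and message into the log on each request; lowering it to debug, or logging only the url, keeps personal data out of the default log level.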