|
|
|
@ -13,15 +13,10 @@ logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
@app.route("/newcomment", methods=["POST"])
|
|
|
|
|
def new_form_comment():
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
data = request.form
|
|
|
|
|
logger.info("form data " + str(data))
|
|
|
|
|
|
|
|
|
|
# validate token: retrieve site entity
|
|
|
|
|
token = data.get("token", "")
|
|
|
|
|
if token != app.config.get("SITE_TOKEN"):
|
|
|
|
|
abort(401)
|
|
|
|
|
|
|
|
|
|
# honeypot for spammers
|
|
|
|
|
captcha = data.get("remarque", "")
|
|
|
|
|
if captcha:
|
|
|
|
@ -47,20 +42,12 @@ def new_form_comment():
|
|
|
|
|
# add a row to Comment table
|
|
|
|
|
dao.create_comment(url, author_name, author_site, author_gravatar, message)
|
|
|
|
|
|
|
|
|
|
except Exception:
|
|
|
|
|
logger.exception("new comment failure")
|
|
|
|
|
abort(400)
|
|
|
|
|
|
|
|
|
|
return redirect("/redirect/", code=302)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def check_form_data(d):
|
|
|
|
|
fields = ["url", "message", "site", "remarque", "author", "token", "email"]
|
|
|
|
|
for field in fields:
|
|
|
|
|
if field in d:
|
|
|
|
|
del d[field]
|
|
|
|
|
|
|
|
|
|
# filtered = dict(filter(lambda x: x[0] not in fields, data.to_dict().items()))
|
|
|
|
|
return not d
|
|
|
|
|
filtered = dict(filter(lambda x: x[0] not in fields, d.items()))
|
|
|
|
|
return not filtered
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|