Code cleanup and bugfix

This commit is contained in:
Stefan Ritter 2009-12-02 14:12:05 +01:00
parent aabeaf3cbc
commit 2fb6e1483d

View File

@ -121,12 +121,10 @@ action = cgi.FieldStorage()
month_display = action.getvalue('m') month_display = action.getvalue('m')
static_display = action.getvalue('s') static_display = action.getvalue('s')
if static_display: static_display = re.sub('/', '', static_display) if static_display: static_display = static_display.replace('/', '')
post_display = action.getvalue('p') post_display = action.getvalue('p')
if post_display: if post_display: post_display = post_display.replace(' ', '-').replace('/', '')
post_display = post_display.replace(' ', '-') \
.replace('/', '')
allentries_display = action.getvalue('a') allentries_display = action.getvalue('a')
feed_display = action.getvalue('feed') feed_display = action.getvalue('feed')
@ -151,12 +149,8 @@ if not cquizv: cquizv = ""
# Comment to commit? # Comment to commit?
if cname and ctext and ctitle: if cname and ctext and ctitle:
# Prevent XSS hacks # Prevent XSS hacks
cname = cname.replace('<', '&lt;') \ cname = cname.replace('<', '&lt;').replace('>', '&gt;').replace('\'', '&quot;')
.replace('>', '&gt;') \ ctext = ctext.replace('<', '&lt;').replace('>', '&gt;').replace('\'', '&quot;')
.replace('\'', '&quot;')
ctext = ctext.replace('<', '&lt;') \
.replace('>', '&gt;') \
.replace('\'', '&quot;')
# Add comment # Add comment
if not cquiz == cquizv: if not cquiz == cquizv:
@ -179,7 +173,7 @@ if cname and ctext and ctitle:
content.close() content.close()
# Send mail? # Send mail?
if new_comment_mail: if new_comment_mail:
msg = 'From: Blogthon\nTo: ' + mail_to + '\nSubject: New comment on ' + blog_title + '\n\nSomeone wrote a comment to this entry: ' + blog_url + '?p=' + re.sub(' ', '-', ctitle) msg = 'From: Blogthon\nTo: ' + mail_to + '\nSubject: New comment on ' + blog_title + '\n\nSomeone wrote a comment to this entry: ' + blog_url + '?p=' + ctitle.replace(' ', '-')
smtp = smtplib.SMTP(smtp_host) smtp = smtplib.SMTP(smtp_host)
smtp.sendmail(blog_title, mail_to, msg) smtp.sendmail(blog_title, mail_to, msg)
smtp.quit() smtp.quit()
@ -396,12 +390,12 @@ else:
title = title.replace('.' + entries_suffix, '') title = title.replace('.' + entries_suffix, '')
if month_display == date_to_compare or not month_display: if month_display == date_to_compare or not month_display:
if post_display == post_display.replace(' ', '-') or not post_display: if post_display == title.replace(' ', '-') or not post_display:
if allentries_display == "1" or entry_counter < entries_per_page: if allentries_display == "1" or entry_counter < entries_per_page:
content = open(entry, "r") content = open(entry, "r")
print ' <div class="entry">' print ' <div class="entry">'
if permalinks: if permalinks:
print ' <div class="entry_title"><a href="?p=' + re.sub(' ', '-', title) + '" class="entry_title">' + title + '</a></div>' print ' <div class="entry_title"><a href="?p=' + title.replace(' ', '-') + '" class="entry_title">' + title + '</a></div>'
else: else:
print ' <div class="entry_title">' + title + '</div>' print ' <div class="entry_title">' + title + '</div>'
print ' <div class="entry_date">' + date + '</div>' print ' <div class="entry_date">' + date + '</div>'