From a61603e91a1e744240f396cfcdcfe730751ec1fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Dec 2021 02:35:52 +0000 Subject: [PATCH 01/11] Bump django from 3.2.9 to 3.2.10 Bumps [django](https://github.com/django/django) from 3.2.9 to 3.2.10. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/3.2.9...3.2.10) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 21ed186..eab3bbf 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 coverage==6.2
 bleach==4.1.0
-Django==3.2.9
+Django==3.2.10
 django-compressor==3.1
 django-haystack==3.1.1
 django-ipware==4.0.2
From 848494bb38b4a5468c620d6bcea28960d7895b5d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jan 2022 00:45:19 +0000 Subject: [PATCH 02/11] Bump pillow from 8.4.0 to 9.0.0 Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.4.0 to 9.0.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](https://github.com/python-pillow/Pillow/compare/8.4.0...9.0.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index eab3bbf..8ec4300 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ jieba==0.42.1
 jsonpickle==2.0.0
 Markdown==3.3.6
 mysqlclient==2.1.0
-Pillow==8.4.0
+Pillow==9.0.0
 Pygments==2.10.0
 python-logstash==0.4.6
 python-memcached==1.59
From 07be39ece182b6b47c4d08dfc5d1444069bb15bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=94=E5=90=AC=E9=A3=8E=E5=90=9F?= Date: Thu, 13 Jan 2022 15:48:42 +0800 Subject: [PATCH 03/11] Update django.yml --- .github/workflows/django.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/django.yml b/.github/workflows/django.yml index 9cf7535..d3da43d 100644 --- a/.github/workflows/django.yml +++ b/.github/workflows/django.yml @@ -26,7 +26,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: [ 3.6, 3.7, 3.8, 3.9 ] + python-version: [3.7, 3.8, 3.9 ] steps: - name: Start MySQL From 33435bda01f2c9efd551275cb9f0dd5ce2579362 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=94=E5=90=AC=E9=A3=8E=E5=90=9F?= Date: Thu, 13 Jan 2022 15:49:01 +0800 Subject: [PATCH 04/11] Update django.yml --- .github/workflows/django.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/django.yml b/.github/workflows/django.yml index d3da43d..d0eb1d8 100644 --- a/.github/workflows/django.yml +++ b/.github/workflows/django.yml @@ -65,7 +65,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: [ 3.6, 3.7, 3.8, 3.9 ] + python-version: [3.7, 3.8, 3.9 ] steps: - name: Start MySQL From 1062046b3156802643efdcd58bf30dfaf2bb562d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jan 2022 07:53:16 +0000 Subject: [PATCH 05/11] Bump django from 3.2.10 to 3.2.11 Bumps [django](https://github.com/django/django) from 3.2.10 to 3.2.11. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/3.2.10...3.2.11) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8ec4300..0589b3b 100644 --- a/requirements.txt 
+++ b/requirements.txt @@ -1,6 +1,6 @@ coverage==6.2 bleach==4.1.0 -Django==3.2.10 +Django==3.2.11 django-compressor==3.1 django-haystack==3.1.1 django-ipware==4.0.2 From be6ba51e6f0822f82e1ca816208b9b3c5faeafc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=94=E5=90=AC=E9=A3=8E=E5=90=9F?= Date: Thu, 13 Jan 2022 15:54:13 +0800 Subject: [PATCH 06/11] update django to 3.2.11 --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 8ec4300..f3c41d2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ coverage==6.2 bleach==4.1.0 -Django==3.2.10 +Django==3.2.11 django-compressor==3.1 django-haystack==3.1.1 django-ipware==4.0.2 @@ -24,4 +24,4 @@ requests==2.26.0 urllib3==1.26.7 WeRoBot==1.13.1 Whoosh==2.7.4 -user-agents==2.2.0 \ No newline at end of file +user-agents==2.2.0 From b8fa19bf7bfcfdb98494b1315c5ec48b2ceea42c Mon Sep 17 00:00:00 2001 From: liangliangyy Date: Mon, 24 Jan 2022 21:52:13 +0800 Subject: [PATCH 07/11] close #537 --- blog/urls.py | 5 +---- blog/views.py | 17 ----------------- templates/blog/tags/sidebar.html | 1 - 3 files changed, 1 insertion(+), 22 deletions(-) diff --git a/blog/urls.py b/blog/urls.py index f04b126..baec47e 100644 --- a/blog/urls.py +++ b/blog/urls.py @@ -55,7 +55,4 @@ urlpatterns = [ r'upload', views.fileupload, name='upload'), - path( - r'refresh', - views.refresh_memcache, - name='refresh')] +] diff --git a/blog/views.py b/blog/views.py index 710dbbf..4e32787 100644 --- a/blog/views.py +++ b/blog/views.py @@ -6,7 +6,6 @@ import uuid from django import forms from django.conf import settings -from django.contrib.auth.decorators import login_required from django.http import HttpResponse, HttpResponseForbidden from django.shortcuts import get_object_or_404 from django.shortcuts import render 
@@ -313,22 +312,6 @@ def fileupload(request): return HttpResponse("only for post") -@login_required -def refresh_memcache(request): - try: - - if request.user.is_superuser: - from djangoblog.utils import cache - if cache and cache is not None: - cache.clear() - return HttpResponse("ok") - else: - return HttpResponseForbidden() - except Exception as e: - logger.error(e) - return HttpResponse("error") - - def page_not_found_view( request, exception, diff --git a/templates/blog/tags/sidebar.html b/templates/blog/tags/sidebar.html index e17f269..2564761 100755 --- a/templates/blog/tags/sidebar.html +++ b/templates/blog/tags/sidebar.html @@ -126,7 +126,6 @@
  • 登录
  • {% endif %} {% if user.is_superuser %} -
  • 刷新缓存
  • 运动轨迹记录
  • {% endif %}
  • GitBook
  • From 5e581e42b357262e3533ff695c3c1e013baf2565 Mon Sep 17 00:00:00 2001 From: liangliangyy Date: Mon, 24 Jan 2022 21:56:34 +0800 Subject: [PATCH 08/11] close #537 --- blog/tests.py | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/blog/tests.py b/blog/tests.py index 4391f17..84c9c1d 100644 --- a/blog/tests.py +++ b/blog/tests.py @@ -8,11 +8,11 @@ from django.test import Client, RequestFactory, TestCase from django.urls import reverse from django.utils import timezone -from djangoblog.utils import get_current_site, get_sha256 from accounts.models import BlogUser from blog.forms import BlogSearchForm from blog.models import Article, Category, Tag, SideBar, Links from blog.templatetags.blog_tags import load_pagination_info, load_articletags +from djangoblog.utils import get_current_site, get_sha256 # Create your tests here. @@ -98,12 +98,7 @@ class ArticleTest(TestCase): s = load_articletags(article) self.assertIsNotNone(s) - rsp = self.client.get('/refresh') - self.assertEqual(rsp.status_code, 302) - self.client.login(username='liangliangyy', password='liangliangyy') - rsp = self.client.get('/refresh') - self.assertEqual(rsp.status_code, 200) response = self.client.get(reverse('blog:archives')) self.assertEqual(response.status_code, 200) @@ -140,9 +135,6 @@ class ArticleTest(TestCase): response = self.client.get('/links.html') self.assertEqual(response.status_code, 200) - rsp = self.client.get('/refresh') - self.assertEqual(rsp.status_code, 200) - response = self.client.get('/feed/') self.assertEqual(response.status_code, 200) From 312932b5f92628a88f4a95b329f5313a47331add Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=94=E5=90=AC=E9=A3=8E=E5=90=9F?= Date: Thu, 10 Feb 2022 16:19:04 +0800 Subject: [PATCH 09/11] Update requirements.txt --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 8ec4300..912f257 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,6 +1,6 @@ coverage==6.2 bleach==4.1.0 -Django==3.2.10 +Django==3.2.12 django-compressor==3.1 django-haystack==3.1.1 django-ipware==4.0.2 @@ -24,4 +24,4 @@ requests==2.26.0 urllib3==1.26.7 WeRoBot==1.13.1 Whoosh==2.7.4 -user-agents==2.2.0 \ No newline at end of file +user-agents==2.2.0 From ef8174d7a799b3cee5332d76b806cef57e20c5b1 Mon Sep 17 00:00:00 2001 From: liangliangyy Date: Fri, 11 Feb 2022 11:38:51 +0800 Subject: [PATCH 10/11] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=83=A8=E5=88=86?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- accounts/views.py | 4 ++++ blog/templatetags/blog_tags.py | 2 +- blog/views.py | 11 ----------- comments/forms.py | 10 ---------- comments/tests.py | 20 ++++++++----------- comments/views.py | 24 ++++++----------------- templates/blog/tags/article_info.html | 8 ++++---- templates/comments/tags/post_comment.html | 13 ------------ 8 files changed, 23 insertions(+), 69 deletions(-) diff --git a/accounts/views.py b/accounts/views.py index 627aa2d..8db6b0a 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -35,6 +35,10 @@ class RegisterView(FormView): form_class = RegisterForm template_name = 'account/registration_form.html' + @method_decorator(csrf_protect) + def dispatch(self, *args, **kwargs): + return super(RegisterView, self).dispatch(*args, **kwargs) + def form_valid(self, form): if form.is_valid(): user = form.save(False) diff --git a/blog/templatetags/blog_tags.py b/blog/templatetags/blog_tags.py index 3871e50..14116a3 100644 --- a/blog/templatetags/blog_tags.py +++ b/blog/templatetags/blog_tags.py @@ -53,7 +53,7 @@ def custom_markdown(content): def get_markdown_toc(content): from djangoblog.utils import CommonMarkdown body, toc = CommonMarkdown.get_markdown_with_toc(content) - return mark_safe(toc), mark_safe(body) + return mark_safe(toc) @register.filter(is_safe=True) 
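Review bot: The `csrf_protect` decorator added to `RegisterView.dispatch` (and the identical one added to `CommentPostView.dispatch` in comments/views.py later in this patch) has no comment explaining why it is needed, and the project's settings are not visible in this series. If `django.middleware.csrf.CsrfViewMiddleware` is already enabled the decorator is redundant; if it is not, every other state-changing view stays unprotected, so the fix belongs in `MIDDLEWARE` rather than on two views. I would add a comment such as `# Explicit CSRF check so this view stays protected even if CsrfViewMiddleware is removed` and shorten the call to `return super().dispatch(*args, **kwargs)`. The diffstat shows only these four added lines in accounts/views.py, so `method_decorator` and `csrf_protect` are presumably imported above the hunk; worth confirming.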
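Review bot: `get_markdown_toc` still unpacks `body` from `CommonMarkdown.get_markdown_with_toc(content)` but no longer uses it, so the article is rendered here, discarded, and rendered a second time by `custom_markdown` in the template. Mark the value as unused with `_, toc = CommonMarkdown.get_markdown_with_toc(content)`. The remaining `mark_safe(toc)` sends the TOC HTML to the page unescaped, so it is only as safe as the heading escaping done inside `CommonMarkdown`, which is outside this hunk. A comment such as `# toc is HTML produced by the markdown renderer and is trusted as-is` would make that assumption visible to the next reader.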
diff --git a/blog/views.py b/blog/views.py index 4e32787..007154d 100644 --- a/blog/views.py +++ b/blog/views.py @@ -4,7 +4,6 @@ import logging import os import uuid -from django import forms from django.conf import settings from django.http import HttpResponse, HttpResponseForbidden from django.shortcuts import get_object_or_404 @@ -117,17 +116,7 @@ class ArticleDetailView(DetailView): return obj def get_context_data(self, **kwargs): - articleid = int(self.kwargs[self.pk_url_kwarg]) comment_form = CommentForm() - user = self.request.user - # 如果用户已经登录,则隐藏邮件和用户名输入框 - if user.is_authenticated and not user.is_anonymous and user.email and user.username: - comment_form.fields.update({ - 'email': forms.CharField(widget=forms.HiddenInput()), - 'name': forms.CharField(widget=forms.HiddenInput()), - }) - comment_form.fields["email"].initial = user.email - comment_form.fields["name"].initial = user.username article_comments = self.object.comment_list() diff --git a/comments/forms.py b/comments/forms.py index 8f4a480..e83737d 100644 --- a/comments/forms.py +++ b/comments/forms.py @@ -5,16 +5,6 @@ from .models import Comment class CommentForm(ModelForm): - url = forms.URLField(label='网址', required=False) - email = forms.EmailField(label='电子邮箱', required=True) - name = forms.CharField( - label='姓名', - widget=forms.TextInput( - attrs={ - 'value': "", - 'size': "30", - 'maxlength': "245", - 'aria-required': 'true'})) parent_comment_id = forms.IntegerField( widget=forms.HiddenInput, required=False) diff --git a/comments/tests.py b/comments/tests.py index 3b95550..b9d9fde 100644 --- a/comments/tests.py +++ b/comments/tests.py 
@@ -41,34 +41,32 @@ class CommentsTest(TestCase): article.status = 'p' article.save() - commenturl = reverse( + comment_url = reverse( 'comments:postcomment', kwargs={ 'article_id': article.id}) - response = self.client.post(commenturl, + response = self.client.post(comment_url, { 'body': '123ffffffffff' }) - self.assertEqual(response.status_code, 200) + self.assertEqual(response.status_code, 302) article = Article.objects.get(pk=article.pk) - self.assertEqual(len(article.comment_list()), 0) + self.assertEqual(len(article.comment_list()), 1) - response = self.client.post(commenturl, + response = self.client.post(comment_url, { 'body': '123ffffffffff', - 'email': user.email, - 'name': user.username }) self.assertEqual(response.status_code, 302) article = Article.objects.get(pk=article.pk) - self.assertEqual(len(article.comment_list()), 1) + self.assertEqual(len(article.comment_list()), 2) parent_comment_id = article.comment_list()[0].id - response = self.client.post(commenturl, + response = self.client.post(comment_url, { 'body': ''' # Title1 @@ -83,15 +81,13 @@ class CommentsTest(TestCase): ''', - 'email': user.email, - 'name': user.username, 'parent_comment_id': parent_comment_id }) self.assertEqual(response.status_code, 302) article = Article.objects.get(pk=article.pk) - self.assertEqual(len(article.comment_list()), 2) + self.assertEqual(len(article.comment_list()), 3) comment = Comment.objects.get(id=parent_comment_id) tree = parse_commenttree(article.comment_list(), comment) self.assertEqual(len(tree), 1) diff --git a/comments/views.py b/comments/views.py index 4484f5b..241b60d 100644 --- a/comments/views.py +++ b/comments/views.py 
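Review bot: After this change the first two `self.client.post(comment_url, {'body': '123ffffffffff'})` calls send the same data and both expect a 302, so the second adds no coverage. The only assertion that exercised a rejected submission (status 200, zero comments) is gone. Since this commit removes the anonymous name/e-mail path from the view, I would replace the duplicate with a negative case, for example posting from a fresh `Client()` that is not logged in and asserting that `len(article.comment_list())` does not grow. Whether `self.client` is logged in at this point is set up above the hunk and is not visible here.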
@@ -1,7 +1,7 @@ # Create your views here. -from django import forms -from django.contrib.auth import get_user_model from django.http import HttpResponseRedirect +from django.utils.decorators import method_decorator +from django.views.decorators.csrf import csrf_protect from django.views.generic.edit import FormView from blog.models import Article @@ -13,6 +13,10 @@ class CommentPostView(FormView): form_class = CommentForm template_name = 'blog/article_detail.html' + @method_decorator(csrf_protect) + def dispatch(self, *args, **kwargs): + return super(CommentPostView, self).dispatch(*args, **kwargs) + def get(self, request, *args, **kwargs): article_id = self.kwargs['article_id'] @@ -23,16 +27,6 @@ class CommentPostView(FormView): def form_invalid(self, form): article_id = self.kwargs['article_id'] article = Article.objects.get(pk=article_id) - u = self.request.user - - if self.request.user.is_authenticated: - form.fields.update({ - 'email': forms.CharField(widget=forms.HiddenInput()), - 'name': forms.CharField(widget=forms.HiddenInput()), - }) - user = self.request.user - form.fields["email"].initial = user.email - form.fields["name"].initial = user.username return self.render_to_response({ 'form': form, @@ -45,13 +39,7 @@ class CommentPostView(FormView): article_id = self.kwargs['article_id'] article = Article.objects.get(pk=article_id) - if not self.request.user.is_authenticated: - email = form.cleaned_data['email'] - username = form.cleaned_data['name'] - user = get_user_model().objects.get_or_create( - username=username, email=email)[0] - # auth.login(self.request, user) comment = form.save(False) comment.article = article diff --git a/templates/blog/tags/article_info.html b/templates/blog/tags/article_info.html index 54883ce..5d1e437 100644 --- a/templates/blog/tags/article_info.html +++ b/templates/blog/tags/article_info.html @@ -51,16 +51,16 @@
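Review bot: With the `get_or_create` branch for anonymous posters removed from `form_valid`, nothing in these hunks rejects an unauthenticated POST, because `dispatch` is wrapped only in `csrf_protect`. Unless code above the hunk already handles it, an anonymous request reaches `comment = form.save(False)` with no real account behind it. I would enforce login in the same place, `@method_decorator([csrf_protect, login_required])` together with `from django.contrib.auth.decorators import login_required`. Separately, the `Article.objects.get(pk=article_id)` kept in `form_invalid` and `form_valid` raises an unhandled `DoesNotExist` for an unknown id; `get_object_or_404(Article, pk=article_id)` would return a 404 instead. Both methods start and end outside the hunks shown.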

    Read more

    {% else %} - {% get_markdown_toc article.body as markdown %} - {% if article.show_toc %} + {% if article.show_toc %} + {% get_markdown_toc article.body as toc %} 目录: - {{ markdown.0|safe }} + {{ toc|safe }}
    {% endif %}
    - {{ markdown.1|safe }} + {{ article.body|custom_markdown|escape }}
    {% endif %} diff --git a/templates/comments/tags/post_comment.html b/templates/comments/tags/post_comment.html index 5064f44..fa31ecd 100644 --- a/templates/comments/tags/post_comment.html +++ b/templates/comments/tags/post_comment.html @@ -13,19 +13,6 @@ {{ form.body }} {{ form.body.errors }}
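Review bot: The `escape` filter in `{{ article.body|custom_markdown|escape }}` does not sanitise the rendered article. Django's `escape` leaves strings already marked safe untouched, so if `custom_markdown` returns a safe string (its body is not part of this patch) the filter is a no-op, and if it does not, the generated HTML would be displayed as literal tags. Any sanitising therefore has to happen inside `custom_markdown` itself, for instance with the `bleach` package already pinned in requirements.txt. I would drop `|escape` so the template does not suggest protection it does not give. The `|safe` in `{{ toc|safe }}` is likewise redundant, because `get_markdown_toc` already returns `mark_safe(toc)`.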

    -

    - {% if not form.name.is_hidden %} - {{ form.name.label_tag }} - {% endif %} - {{ form.name }} - {{ form.name.errors }} -

    {{ form.parent_comment_id }}
    支持markdown From f4d7f9e153585e25f15df8fec189544077f80180 Mon Sep 17 00:00:00 2001 From: liangliangyy Date: Mon, 14 Feb 2022 14:51:38 +0800 Subject: [PATCH 11/11] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=83=A8=E5=88=86?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=E6=BC=8F=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- accounts/views.py | 4 ++-- comments/urls.py | 1 - comments/views.py | 3 +++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/accounts/views.py b/accounts/views.py index 8db6b0a..06803c7 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -153,8 +153,8 @@ def account_result(request): if type and type in ['register', 'validation']: if type == 'register': content = ''' - 恭喜您注册成功,一封验证邮件已经发送到您 {email} 的邮箱,请验证您的邮箱后登录本站。 - '''.format(email=user.email) + 恭喜您注册成功,一封验证邮件已经发送到您的邮箱,请验证您的邮箱后登录本站。 + ''' title = '注册成功' else: c_sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id))) diff --git a/comments/urls.py b/comments/urls.py index bc22017..7df3fab 100644 --- a/comments/urls.py +++ b/comments/urls.py @@ -4,7 +4,6 @@ from . import views app_name = "comments" urlpatterns = [ - # url(r'^po456stcomment/(?P\d+)$', views.CommentPostView.as_view(), name='postcomment'), path( 'article//postcomment', views.CommentPostView.as_view(), diff --git a/comments/views.py b/comments/views.py index 241b60d..ac1cf04 100644 --- a/comments/views.py +++ b/comments/views.py @@ -1,4 +1,5 @@ # Create your views here. +from django.core.exceptions import ValidationError from django.http import HttpResponseRedirect from django.utils.decorators import method_decorator from django.views.decorators.csrf import csrf_protect @@ -40,6 +41,8 @@ class CommentPostView(FormView): article_id = self.kwargs['article_id'] article = Article.objects.get(pk=article_id) + if article.comment_status == 'c' or article.status == 'c': + raise ValidationError("该文章评论已关闭.") comment = form.save(False) comment.article = article
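Review bot: The validation branch kept as context in this hunk still builds its token as `get_sha256(get_sha256(settings.SECRET_KEY + str(user.id)))`, which is fixed per user id: it never expires and cannot be revoked without rotating `SECRET_KEY`. How `c_sign` is checked lies outside the hunk, but since this commit already removes the e-mail address from the result page, replacing the hand-rolled hash with `django.core.signing.TimestampSigner` and a `max_age` on `unsign` would fit the same hardening. At minimum, add a comment on that line stating the token's lifetime and what it authorises. `account_result` starts and ends outside the hunk.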
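Review bot: Raising `ValidationError` inside `form_valid` is not caught by Django's form handling, because validation has already finished by the time this method runs. The exception propagates out of the view, so a comment on a closed article produces a server error rather than a message to the user. Report it through the form instead, `form.add_error('body', "该文章评论已关闭.")` followed by `return self.form_invalid(form)`, which the template's existing `{{ form.body.errors }}` will display. The check also compares `article.status` with `'c'`, while the tests in this series set `article.status = 'p'`; the model's choices are not shown, so confirm `'c'` is a valid status value. `form_valid` continues outside the hunk.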