Merge pull request #553 from liangliangyy/dev

修复部分代码漏洞
4 years ago · 6512ab7542
parent e37109010f f4d7f9e153
commit 6512ab7542
3 changed files with 5 additions and 3 deletions
--- a/accounts/views.py
+++ b/accounts/views.py
@ -153,8 +153,8 @@ def account_result(request):
    if type and type in ['register', 'validation']:
        if type == 'register':
            content = '''
-    恭喜您注册成功，一封验证邮件已经发送到您 {email} 的邮箱，请验证您的邮箱后登录本站。
-    '''.format(email=user.email)
+    恭喜您注册成功，一封验证邮件已经发送到您的邮箱，请验证您的邮箱后登录本站。
+    '''
            title = '注册成功'
        else:
            c_sign = get_sha256(get_sha256(settings.SECRET_KEY + str(user.id)))
--- a/comments/urls.py
+++ b/comments/urls.py
@ -4,7 +4,6 @@ from . import views

 app_name = "comments"
 urlpatterns = [
-    # url(r'^po456stcomment/(?P<article_id>\d+)$', views.CommentPostView.as_view(), name='postcomment'),
    path(
        'article/<int:article_id>/postcomment',
        views.CommentPostView.as_view(),
--- a/comments/views.py
+++ b/comments/views.py
@ -1,4 +1,5 @@
 # Create your views here.
+from django.core.exceptions import ValidationError
 from django.http import HttpResponseRedirect
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_protect
@ -40,6 +41,8 @@ class CommentPostView(FormView):
        article_id = self.kwargs['article_id']
        article = Article.objects.get(pk=article_id)

+        if article.comment_status == 'c' or article.status == 'c':
+            raise ValidationError("该文章评论已关闭.")
        comment = form.save(False)
        comment.article = article