author | Stefan Ritter <xeno@thehappy.de> | 2009-03-08 19:17:59 +0100 |
---|---|---|
committer | Stefan Ritter <xeno@thehappy.de> | 2009-03-08 19:17:59 +0100 |
commit | 6b30c4447eb0b90c4bc656b317cec262b549ccfc (patch) | |
tree | 1d84e8e3b84352efbb858c2cd40dd88e36adeccd | |
parent | 5d2010c6e107e9bd7044b951695db233e77531f3 (diff) |
Comments:
* You can now add comments
Diffstat (limited to '')
-rwxr-xr-x | blogthon.cgi | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/blogthon.cgi b/blogthon.cgi
index 5dd7d11..15e1fe5 100755
--- a/blogthon.cgi
+++ b/blogthon.cgi
@@ -43,6 +43,32 @@ if not post_display: post_display = ""
 if not static_display: static_display = ""
 if not allentries_display: allentries_display = ""
+# Commentstuff
+ctitle = action.getvalue('ctitle')
+cname = action.getvalue('cname')
+ctext = action.getvalue('ctext')
+if not ctitle: ctitle = ""
+if not cname: cname = ""
+if not ctext: ctext = ""
+
+# Comment to commit?
+if cname and ctext and ctitle:
+ # Prevent XSS hacks
+ cname = cname.replace("<", "<")
+ cname = cname.replace(">", ">")
+ cname = cname.replace("\"", """)
+ ctext = ctext.replace("<", "<")
+ ctext = ctext.replace(">", ">")
+ ctext = ctext.replace("\"", """)
+
+ # Add comment
+ comments_file = glob.glob(entries_dir + ctitle + '.comments')
+ content = open(comments_file[0], "a+")
+ content.write("-." + cname + "\n")
+ content.write("+." + time.asctime() + "\n")
+ content.write("." + ctext + "\n")
+ content.close()
+
 print 'Content-type: text/html\n'
 print '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"'
 print ' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
@@ -159,9 +185,10 @@ else: # Show regular entry
 # Form for adding comments
 print ' <br /><br /><br />'
- print ' <form action=# method=get>'
- print ' <label for="name">name:</label><input type="text" id="name" name="name">'
- print ' <br /><label for="text">text:</label><textarea rows="5" id="text" name="text"></textarea>'
+ print ' <form method="post">'
+ print ' <input type="hidden" name="ctitle" value="' + title + '">'
+ print ' <label for="cname">name:</label><input type="text" id="cname" name="cname">'
+ print ' <br /><label for="ctext">text:</label><textarea rows="5" id="ctext" name="ctext" wrap="hard"></textarea>'
 print ' <br /><input type="submit" id="submit" value="post comment">'
 print ' </form>' |
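Review bot: In the `@@ -43,6 +43,32 @@` hunk, `ctitle` comes straight from the request and is concatenated into the glob pattern `entries_dir + ctitle + '.comments'`, so path separators or wildcards in it decide which file gets opened for append, and a title that matches nothing makes `comments_file[0]` raise IndexError. Build the name and check it against the files that exist before opening: `target = entries_dir + ctitle + '.comments'` and `if target in glob.glob(entries_dir + '*.comments'):` around the open/write lines. `cname` and `ctext` are written into a format keyed on line prefixes (`-.`, `+.`, `.`) with newlines intact, and the form's `wrap="hard"` can itself put newlines into `ctext`, so line breaks should be stripped or encoded before the write or the reader (not visible here) will presumably misparse the record. The escaping block (its entity strings appear decoded on this page) leaves `&` untouched; `cgi.escape(value, True)` would cover `&`, `<`, `>` and `"` in one call.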
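Review bot: In the `@@ -159,9 +185,10 @@` hunk the hidden field is emitted as `value="' + title + '">'` without escaping, so a `"` or `<` in `title` ends the attribute and the remainder is parsed as markup. Where `title` is set lies outside the hunk (the enclosing `else:` block starts above it); if it can derive from request data or a file name, escape it at output with `cgi.escape(title, True)`, assuming `cgi` is the module behind `action`. The value is also client-editable once rendered, so the handler has to validate `ctitle` on its own rather than trust the round trip.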