From 6b30c4447eb0b90c4bc656b317cec262b549ccfc Mon Sep 17 00:00:00 2001
From: Stefan Ritter <xeno@thehappy.de>
Date: Sun, 8 Mar 2009 19:17:59 +0100
Subject: Comments:

* You can now add comments
---
 blogthon.cgi | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/blogthon.cgi b/blogthon.cgi
index 5dd7d11..15e1fe5 100755
--- a/blogthon.cgi
+++ b/blogthon.cgi
@@ -43,6 +43,32 @@ if not post_display: post_display = ""
 if not static_display: static_display = ""
 if not allentries_display: allentries_display = ""
 
+# Commentstuff
+ctitle = action.getvalue('ctitle')
+cname = action.getvalue('cname')
+ctext = action.getvalue('ctext')
+if not ctitle: ctitle = ""
+if not cname: cname = ""
+if not ctext: ctext = ""
+
+# Comment to commit?
+if cname and ctext and ctitle:
+	# Prevent XSS hacks
+	cname = cname.replace("<", "&lt;")
+	cname = cname.replace(">", "&gt;")
+	cname = cname.replace("\"", "&quot;")
+	ctext = ctext.replace("<", "&lt;")
+	ctext = ctext.replace(">", "&gt;")
+	ctext = ctext.replace("\"", "&quot;")
+	
+	# Add comment
+	comments_file = glob.glob(entries_dir + ctitle + '.comments')
+	content = open(comments_file[0], "a+")
+	content.write("-." + cname + "\n")
+	content.write("+." + time.asctime() + "\n")
+	content.write("." + ctext + "\n")
+	content.close()
+
 print 'Content-type: text/html\n'
 print '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"'
 print ' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
@@ -159,9 +185,10 @@ else: # Show regular entry
 
 						# Form for adding comments
 						print '                <br /><br /><br />'
-						print '                <form action=# method=get>'
-						print '                    <label for="name">name:</label><input type="text" id="name" name="name">'
-						print '                    <br /><label for="text">text:</label><textarea rows="5" id="text" name="text"></textarea>'
+						print '                <form method="post">'
+						print '                    <input type="hidden" name="ctitle" value="' + title + '">'
+						print '                    <label for="cname">name:</label><input type="text" id="cname" name="cname">'
+						print '                    <br /><label for="ctext">text:</label><textarea rows="5" id="ctext" name="ctext" wrap="hard"></textarea>'
 						print '                    <br /><input type="submit" id="submit" value="post comment">'
 						print '                </form>'
 
-- 
cgit v1.2.3