A user with no email can't post a comment using Django's comments framework


Problem description

I have overridden the comments framework's form.html template with my own:

{% load comments i18n %}
<form action="{% comment_form_target %}" method="post">{% csrf_token %}
    <div><input type="hidden" name="next" value="{{ request.get_full_path }}" /></div>

    {% for field in form %}
        {% if field.is_hidden %}
            <div>{{ field }}</div>
        {% else %}
            {% if field.name != "name" and field.name != "url" and field.name != "email" %}
                {% if field.errors %}{{ field.errors }}{% endif %}
                <p
                    {% if field.errors %} class="error"{% endif %}
                    {% ifequal field.name "honeypot" %} style="display:none;"{% endifequal %}
                >
                    {{ field.label_tag }}<br />
                    {{ field }}
                </p>
            {% endif %}
        {% endif %}
    {% endfor %}

    <p class="submit">
        <input type="submit" name="post" class="submit-post" value="{% trans "Post" %}" />
    </p>
</form>

It pretty much only renders the needed hidden fields (for security) and the comments field. Each comment.user is automatically set as the current logged-in user, request.user. Here is the rendered HTML:

<form action="/comments/post/" method="post"><div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='bd05094c2e3ba80e1fbec8a4237b132c' /></div>
    <div><input type="hidden" name="next" value="/doors/orders/1/" /></div>
    <div><input type="hidden" name="content_type" value="doors.order" id="id_content_type" /></div>
    <div><input type="hidden" name="object_pk" value="1" id="id_object_pk" /></div>
    <div><input type="hidden" name="timestamp" value="1333125894" id="id_timestamp" /></div>
    <div><input type="hidden" name="security_hash" value="c6791aafdd682cd8db5595681073c9a21c5fe7dd" id="id_security_hash" /></div>
    <p>
        <label for="id_comment">Comment</label><br />
        <textarea id="id_comment" rows="10" cols="40" name="comment"></textarea>
    </p>
    <p style="display:none;" >
        <label for="id_honeypot">If you enter anything in this field your comment will be treated as spam</label><br />
        <input type="text" name="honeypot" id="id_honeypot" />
    </p>
    <p class="submit">
        <input type="submit" name="post" class="submit-post" value="Post" />
    </p>
</form>

The problem is I noticed that if the logged-in user doesn't have an email, then the comment goes to preview.html (which I haven't overridden). Here is the screenshot:

This is a security issue since it allows someone to change their name instead of using the logged in user's name before posting (when I list the comments, I use comment.user.get_full_name instead of comment.name so it's not an issue there, but it could still be confusing in, say, the admin page).

So my questions are:

  1. How do I allow users without an email to post comments?
  2. How do I not allow the form to go to preview.html?
  3. Are my code and design OK so far?

Recommended answer

Well, you can use the customization documentation to create a custom app that handles comments from the comments framework. You should set COMMENTS_APP = 'my_comment_app' in your settings file and specify a get_form() method in your app's __init__.py which should return your custom form.

The custom form should be based on contrib.comments.forms.CommentForm and should look something like this:

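from django.contrib.comments import forms as comment_forms

class CustomForm(comment_forms.CommentForm):
    def __init__(self, *args, **kwargs):
        super(CustomForm, self).__init__(*args, **kwargs)
        # Users without an email address must still pass validation.
        self.fields["email"].required = False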
preview.html is rendered because the form contains errors (email is required, but the user doesn't have it and so it's not populated). If there are no errors, the preview won't be shown.
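The behaviour discussed in the question and answer above, as an added example that is not part of the original post or of Django's own code: a framework-free Python model of the post decision, showing why a missing email leads to the preview page and why name and email for a logged-in user should come from the session rather than from the form. All names (`User`, `validate`, `handle_post`) are hypothetical, and the "fill only the gaps" branch is an assumption about how the submitted name ends up being kept.

```python
from collections import namedtuple

# Hypothetical stand-in for the logged-in request.user.
User = namedtuple("User", "full_name email")


def validate(data, email_required):
    """Return field errors, mimicking required-field validation."""
    required = ["name", "comment"] + (["email"] if email_required else [])
    return {f: "This field is required." for f in required if not data.get(f)}


def handle_post(post, user, email_required=True, trust_client_identity=True):
    """Return ("posted", data) or ("preview", errors) for a logged-in user."""
    data = dict(post)
    if trust_client_identity:
        # Assumed default behaviour: user values only fill the gaps, so a
        # name or email submitted by the client is kept as sent.
        data["name"] = data.get("name") or user.full_name
        data["email"] = data.get("email") or user.email
    else:
        # Hardened: identity always comes from the authenticated session,
        # whatever the client put in the POST body.
        data["name"] = user.full_name
        data["email"] = user.email
    errors = validate(data, email_required)
    if errors:
        return "preview", errors  # any form error sends the user to preview
    return "posted", data


# Constructed sample input: a logged-in user with no email address.
alice = User(full_name="Alice Smith", email="")
plain = {"comment": "Looks good."}
spoofed = {"comment": "Looks good.", "name": "Site Admin",
           "email": "someone@example.com"}

if __name__ == "__main__":
    print(handle_post(plain, alice))
    print(handle_post(spoofed, alice))
    print(handle_post(spoofed, alice, email_required=False,
                      trust_client_identity=False))
```

In a real project the hardened branch would live in the custom form or in a moderation hook of the custom comments app, alongside `email.required = False`.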
